Symantec offered hacker $50,000 for stolen source code

By Lee Kaelin on February 7, 2012, 8:30 AM

Anonymous released email exchanges between a member and Symantec yesterday, revealing that the security firm offered them $50,000 in exchange for destroying the source code of pcAnywhere and Norton Antivirus tools, believed to have been obtained by hackers after breaking into servers of the Indian Military Intelligence in 2006.

The deal fell through after extended discussions about payment through Liberty Reserve bank in Costa Rica and issues with receiving the proof of code they requested. The source code for Symantec’s pcAnywhere has now been released through Pirate Bay.

The email communications published on Pastebin by Anonymous detail a Symantec employee, Sam Thomas, negotiating with YamaTough under the umbrella of Anonymous out of a Venezuelan email address last month. In them the security company offered the hacker substantial money to not release the code, and state they never publicly had it.

"We will pay you $50,000.00 USD total," the email from Sam Thomas read. "However, we need assurances that you are not going to release the code after payment. We will pay you $2,500 a month for the first three months. Payments start next week. After the first three months you have to convince us you have destroyed the code before we pay the balance. We are trusting you to keep your end of the bargain."

A Symantec spokesperson released a statement via email to CNet last night with their side of the story:

"In January, an individual claiming to be part of the Anonymous group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession […] Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide."

In an interview with Forbes, Symantec spokesperson Cris Paden stated that the employee in the emails was in fact a law enforcement agent, who was pretending to pursue the negotiation in order to trace the hacker. "No money was exchanged, and there was never going to be any money exchanged. It was all an effort to gather information for the investigation," Paden said.

Symantec released an update to its pcAnywhere software on January 30, after previously advising customers not to use it until the patch had been released. The firm has stated that due to the age of the source code, it poses no real threat to customers even if the full blueprint is released.




User Comments: 13

Got something to say? Post a comment
Lurker101 said:

If the source code is so old that is poses no real threat, why are they telling customers not to use pcAnywhere until a patch has been released?

example1013 said:

I wouldn't be surprised if Symantec weren't theoretically willing to make such an offer (that's the salary of the guy who's going to have to write the new source code), but I find it extremely hard to believe that a tech security company would ever trust all copies of something to be destroyed in such a manner.

Mindwraith said:

Anon keeps falling for this stuff. Maybe they wouldn't fall into so many holes if they weren't so cocky, or if they were older than 15..

Trillionsin Trillionsin said:

If Anonymous made sense... they wouldnt do shit like this. This just goes to show that Anonymous... is just anonymous. Just a bunch of people claiming to be this "Anonymous." If they are against SOPA, and all that jazz, why use Pirate Bay or the like to publish this source code? This just gives me a stronger feeling to support SOPA and have the Pirate Bay shut down, because god knows that people who write viruses need Norton's source code, no matter how old it is, it's still going to be useful to the countless number of people who write viruses/trojans/malware, because you should know... that about 65 percent (just a guess) of the people that have that software installed, have no freaking clue whats going on.

AmpFeare said:

put your source code on a flash drive and unplug it, jesus. MY SOURCE CODE WAS HACKED. put it on a flash drive and unplug it on put it on your desk and this wont happen. so hard to do people.

AmpFeare said:

unplug it on should say unplug it and********

Wendig0 Wendig0, TechSpot Paladin, said:

Mindwraith said:

Anon keeps falling for this stuff. Maybe they wouldn't fall into so many holes if they weren't so cocky, or if they were older than 15..

I couldn't have said it better myself

SCJake said:

@trillionsin

Thats the point. The ORIGINAL purpose of Anonymous is that they dont exist. By having a fake hacker group known as Anonymous, people will continue to pursue this group. team poison, jester, ccc, lulzsec (or whats left) will just go in as anonymous and do whatever they want. Anonymous is just a farce and the people pretending to be behind it are usually no real threat.

i cite myself that this was the original purpose

Kibaruk Kibaruk, TechSpot Paladin, said:

I'm pretty sure that it's worth mooore than $50k

Guest said:

This is like some kinda plot from a Hollywood film. Haha.

NTAPRO NTAPRO said:

someone13 at 2012-02-07 15:26 CET:

what can we do after we have the source code?

I lol'd

Phraun said:

trillionsin said:

If Anonymous made sense... they wouldnt do shit like this. This just goes to show that Anonymous... is just anonymous. Just a bunch of people claiming to be this "Anonymous." If they are against SOPA, and all that jazz, why use Pirate Bay or the like to publish this source code? This just gives me a stronger feeling to support SOPA and have the Pirate Bay shut down, because god knows that people who write viruses need Norton's source code, no matter how old it is, it's still going to be useful to the countless number of people who write viruses/trojans/malware, because you should know... that about 65 percent (just a guess) of the people that have that software installed, have no freaking clue whats going on.

If you think that shutting down tPB would provide any noticeable barrier to something like this, you're living in a dream world. Someone that possesses enough know-how to abscond with AV source code sure as hell knows how to move files across the web without a damn torrent tracker. The same is true of anyone that could actually use that code in any meaningful way. You are essentially advocating wasting a bunch of government funding to accomplish nothing whatsoever. (Granted, that's par for the course with the feds these days.)

PinothyJ said:

Wendig0 said:

Mindwraith said:

Anon keeps falling for this stuff. Maybe they wouldn't fall into so many holes if they weren't so cocky, or if they were older than 15..

I couldn't have said it better myself

And yet can still do more with their fingers on a keyboard than you will accomplish in your entire life - makes you mighty depressed to think how waste our lives are...

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.