pcAnywhere code allegedly leaked after failed extortion attempt
Late Monday evening a 1.2GB file named “Symantec’s pcAnywhere Leaked Source Code” was posted on The Pirate Bay. The security firm has downloaded the file and is analyzing it, but has yet to confirm whether it contains the software’s source code allegedly stolen during a 2006 breach of its systems.
The file was published after an unsuccessful bout of negotiations between Symantec and a hacker who goes by the handle Yamatough, who tried to sell the stolen code back to the company.
The transcript of the emails exchanged during this process turned up on Pastebin on Monday, and was confirmed to be legitimate by Symantec.
“In January an individual claiming to be part of the ‘Anonymous’ group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession,” stated a company spokesperson. “Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.”
During the negotiations, the Symantec employee (later law enforcement agent) and Yamatough discussed matters such as whether the hacker could prove that he had the source code in question, how Symantec could be sure that the code would be destroyed after payment, the amount of money ($50,000) that the hacker would get for it, and how it would be transferred to him.
After a few threats of cutting communications if they “detect any malevolent tracing action” and selling the code to other interested parties, the hacker finally lost his patience when he was told for the umpteenth time that decisions about stuff like this can’t be made speedily in a company like Symantec.
It is impossible to know whether Yamatough belongs to the Lords of Dharmaraja hacker group, which is supposedly behind the 2006 Symantec breach and has managed to get their hands on the source code to Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere.
But it does seem counterproductive to post the source code online when you intend to sell it.
UPDATE:
Symantec has confirmed that the leaked source code is legitimate.
“So far, they have posted code for the 2006 version of Norton Utilities and pcAnywhere,” said Symantec’s spokesman Cris Paden. “We also anticipate that at some point, they will post the code for Norton Antivirus [NAV] Corporate Edition and Norton Internet Security [NIS]. NAV Corporate Edition is no longer for sale or supported, and NIS has been completely rebuilt.”
YamaTough announced the imminent leaking of the source code for NAV Corporate Edition on his Twitter account.