
Symantec offered hackers $50k to delete stolen code in alleged “sting”

A hacker affiliated with Anonymous posted the details of negotiations with an …


Hackers claiming to have the source code for Symantec's PCAnywhere and Norton Antivirus software attempted to extort $50,000 from the company, according to e-mail transcripts posted on February 7.

But the point of contact for the hacker group involved in the code exposure claimed in an e-mail conversation with Reuters that they never intended to take money from Symantec, and that the negotiations were a scam in themselves to embarrass the company. And according to the transcript, it was Symantec that set the price of the hackers' destruction of the code, along with a demand that the hackers publish a statement saying that they had lied about obtaining the code.

"We tricked them into offering us a bribe so we could humiliate them," an individual calling himself Yamatough and claiming to be part of a hacker group called Lords of Dharmaraja, told Reuters' Frank Jack Daniel. Yamatough, who claims he is from Mumbai and that his group is affiliated with Anonymous, announced the offer on Twitter: "You won't believe it but Symantec offered us money to keep quiet."

Symantec previously told users to disable PCAnywhere to prevent security vulnerabilities. But on January 30, the company said that users of the current release are safe from attack, and offered free upgrades to owners of older versions of the product.

A transcript of the e-mail thread between Yamatough and a Symantec email account under the name "Sam Thomas," posted to Pastebin and spanning nearly a month, documents the attempts by Symantec to prevent the release of the company's code. Yamatough demanded payment through Liberty Reserve, the Costa Rica-based e-payment service, or via a "wire transfer to a bank account in Lithuania or Latvia." Symantec spokesperson Chris Paden told Forbes' Andy Greenberg that Sam Thomas was a pseudonym set up by law enforcement agents trying to use the negotiations to track the hackers, and that no money ever changed hands. But Paden wouldn't say which law enforcement agency was involved.

The messages sent to the hacker from the faked employee account and a corresponding Gmail account appear to be an attempt to string the hackers along with a series of excuses. Thomas requested copies of source files to confirm that the group actually had the code, and then protested that he was having technical difficulty getting the files because they were blocked by both his corporate email system and Gmail. Then Thomas said Symantec was trying to set up a secure FTP server for the file transfer, and then delayed again, claiming that Symantec was having "network issues with FTP" on the computer set up for the task.

On January 25, Yamatough apparently tired of the delays and e-mailed Symantec: "If we dont hear from you in 30m we make an official announcement and put your code on sale at auction terms. We have many people who are willing to get your code. Dont fuck with us."

The fake Symantec employee continued to ask for more time, and on February 1 offered $50,000 for destruction of the code, paid in installments. But Yamatough emailed back the same day, "I am afraid we have to cancel the whole deal because our offshore people wont let us securely get the money because they wont process amounts less than 50k a shot. Therefore we are afraid we can not proceed with you on the conditions offered." After more back-and-forth over the payment method, on February 6, Yamatough e-mailed, "We give you 10 minutes to decide which way you go. After that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar)... This time we've made mirrors so it will be hard for you to get rid of it."

On Twitter, Yamatough laughed off Paden's claim that there was a law enforcement sting. And he announced that the Norton Antivirus code would be released on February 7.

Listing image by Photograph by charamelody
