Police Exchange E-mails with Hackers in StingSymantec Confirms Anonymous Leaked Old Source Code
On Monday, hackers claimed they leaked about 1.25 gigabytes of the source code of pcAnywhere, software that allows users to access their personal computers remotely. Symantec confirmed the source code of pcAnywhere and Norton Utilities were made public. The company identified the software as part of the original cache of code for 2006 versions of the products that Anonymous had claimed to possess over the past few weeks.
Hackers who use the moniker the Lords of Dharamaja, and claim to be affiliated with the hacktivist collective Anonymous, said in a Twitter post Monday: "You won't believe it but Symantec offered us money to keep quiet."
But in a statement issued Tuesday, Symantec spokesman Cris Paden said Anonymous initiated the contact, and it never considered paying ransom. Instead, Paden said, Symantec contacted law enforcement authorities.
A day before, hackers posted on pastebin.com what they said was an e-mail exchange they had with a Symantec official called Sam Thomas. In one message, Thomas wrote:
"We can't pay you $50,000 at once for the reasons we discussed previously. We can pay you $2,500 per month for the first three months. In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated). Once that's done, we will pay the rest of the $50,000 to your account and you can take it all out at once. That should solve your problem."
Paden said the posted e-mail string was between the hackers and police who used a fake e-mail address. "Anonymous actually reached out to us first, saying that if we provided them with money, they would not post any more source code," Paden said. "At that point, given that it was a clear cut case of extortion, we contacted law enforcement and turned the investigation over to them. All subsequent communications were actually between Anonymous and law enforcement agents, not Symantec. This was all part of their investigative techniques for these types of incidents."
Citing the continuing investigation, Paden didn't provide further details on the contact with the hackers.
The code had been pilfered in a breach that occurred six years ago, an incident Symantec initially denied happening (see Symantec: Breach Led to Source Code Leak).
Paden said Symantec was prepared for the code to be posted at some point, and had distributed a series of patches since Jan. 23 to protect customers against known vulnerabilities.
Symantec said hackers also obtained code for the 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security. "This is old code, and Symantec and Norton customers will not be at an increased risk as a result of any further disclosure related to these 2006 products," Paden said.
Still, he said: "We anticipate that Anonymous will post the rest of the code they have claimed to have in their possession."