Hackers spunk 'pcAnywhere source' after negotiation breakdown
'Fed posing as Symantec worker' offered $50k to activists
Hacktivists affiliated with Anonymous uploaded what they claim is the source code of Symantec's pcAnywhere software early on Tuesday, following the breakdown of negotiations between the hacking group and "a federal agent posing as a Symantec employee".
Symantec has confirmed that a dialogue had taken place between the hacktivists and "a law enforcement official", saying it had turned the case over to the Feds as soon as the hackers had contacted it.
The release of the 1.27GB file as a torrent coincides with the breakdown of the "negotiations" – which the group has now published on Pastebin – that took place between "Symantec" and YamaTough, spokesperson of hacker group Lords of Dharmaraja. Lords of Dharmaraja are an Indian hacking crew affiliated with Anonymous' Op AntiSec that claimed to have obtained access to the source code of pcAnywhere and other security software products from the security giant.
Taken at face value, the dialogue suggests that "Symantec" was prepared to offer payment of $50,000 (in instalments) on condition that the Lords of Dharmaraja were able to provide assurances that the hackers destroyed source code in their possession and made a statement that the hack it claimed against Symantec was a lie.
LoD claims it turned down $50k offer for the code
The purported Symantec spokesperson, who used a Gmail account, at one point tried to persuade the hackers to upload source code sample via an FTP server, a suggestion the hackers dismissed out of hand as a ruse designed to trick them into revealing their IP address.
The protracted negotiations involved much talk about payment methods, with the Lords of Dharmaraja insisting on payment by Liberty Reserve or via bank accounts in Lithuania and Latvia. "Symantec" offered to pay $1,000 via PayPal, an offer the AntiSec-affiliated hackers quickly rejected.
At several points the Lord of Dharmaraja set deadlines for response that "Symantec" then said it was unable to meet – supposedly because of the difficulty of reaching a quick decision in a corporate environment. Three weeks into the dialogue, the Lord of Dharmaraja and "Symantec" were still miles apart in terms of the negotiations. The hackers apparently became bored with the discussion and released both the dialogue and the source code.
"Since no code yet being released and our email communication wasn't also released we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START this time we've made mirrors so it will be hard for you to get rid of it," the hacktivists said in their final message on Monday.
A search on torrent sites suggests that only the code for pcAnywhere and Norton Antivirus has been released. Whether the code released is the genuine deal remains unconfirmed. Searches for either item may become contaminated with malicious links or malware, like any newsworthy item, something that has nothing to do with either the activists, Symantec or the FBI.
In a statement, Symantec said that the dialogue between the Lords of Dharmaraja actually took place with a law enforcement official rather than a representative of the security giant. It said it had turned the matter over to an unspecified agency as soon as it was clear the hackers wanted to extort payment in return for holding off on the release of its source code. The hackers claim they were offering Symantec first refusal on something they would otherwise auction off.
In January an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.
The e-mail string posted by Anonymous was actually between them and a fake e-mail address set up by law enforcement. Anonymous actually reached out to us, first, saying that if we provided them with money, they would not post any more source code. At that point, given that it was a clear cut case of extortion, we contacted law enforcement and turned the investigation over to them. All subsequent communications were actually between Anonymous and law enforcement agents - not Symantec. This was all part of their investigative techniques for these types of incidents.
Symantec was not immediately able to confirm whether the source code torrent was genuine.
The Lords of Dharmaraja previously released code snippets as proof of their hack, which Symantec initially blamed on a "third party" before admitting that older versions of its security software had been swiped from its own servers in a previously undetected hack dating back to 2006. ®