Hackers spunk 'pcAnywhere source' after negotiation breakdown

'Fed posing as Symantec worker' offered $50k to activists

Hacktivists affiliated with Anonymous uploaded what they claim is the source code of Symantec's pcAnywhere software early on Tuesday, following the breakdown of negotiations between the hacking group and "a federal agent posing as a Symantec employee".

Symantec has confirmed that a dialogue had taken place between the hacktivists and "a law enforcement official", saying it had turned the case over to the Feds as soon as the hackers had contacted it.

The release of the 1.27GB file as a torrent coincides with the breakdown of the "negotiations" – which the group has now published on Pastebin – that took place between "Symantec" and YamaTough, spokesperson of hacker group Lords of Dharmaraja. Lords of Dharmaraja are an Indian hacking crew affiliated with Anonymous' Op AntiSec that claimed to have obtained access to the source code of pcAnywhere and other security software products from the security giant.

Taken at face value, the dialogue suggests that "Symantec" was prepared to offer payment of $50,000 (in instalments) on condition that the Lords of Dharmaraja provided assurances that they had destroyed the source code in their possession and made a statement that the hack they claimed against Symantec was a lie.

LoD claims it turned down $50k offer for the code

The purported Symantec spokesperson, who used a Gmail account, at one point tried to persuade the hackers to upload a source code sample via an FTP server, a suggestion the hackers dismissed out of hand as a ruse designed to trick them into revealing their IP address.

The protracted negotiations involved much talk about payment methods, with the Lords of Dharmaraja insisting on payment by Liberty Reserve or via bank accounts in Lithuania and Latvia. "Symantec" offered to pay $1,000 via PayPal, an offer the AntiSec-affiliated hackers quickly rejected.

At several points the Lords of Dharmaraja set deadlines for response that "Symantec" then said it was unable to meet – supposedly because of the difficulty of reaching a quick decision in a corporate environment. Three weeks into the dialogue, the Lords of Dharmaraja and "Symantec" were still miles apart in terms of the negotiations. The hackers apparently became bored with the discussion and released both the dialogue and the source code.

"Since no code yet being released and our email communication wasn't also released we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START this time we've made mirrors so it will be hard for you to get rid of it," the hacktivists said in their final message on Monday.

A search on torrent sites suggests that only the code for pcAnywhere and Norton Antivirus has been released. Whether the code released is the genuine deal remains unconfirmed. Searches for either item may become contaminated with malicious links or malware, like any newsworthy item, something that has nothing to do with either the activists, Symantec or the FBI.

In a statement, Symantec said that the dialogue with the Lords of Dharmaraja actually took place with a law enforcement official rather than a representative of the security giant. It said it had turned the matter over to an unspecified agency as soon as it was clear the hackers wanted to extort payment in return for holding off on the release of its source code. The hackers claim they were offering Symantec first refusal on something they would otherwise auction off.

In January an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.

The e-mail string posted by Anonymous was actually between them and a fake e-mail address set up by law enforcement. Anonymous actually reached out to us, first, saying that if we provided them with money, they would not post any more source code. At that point, given that it was a clear cut case of extortion, we contacted law enforcement and turned the investigation over to them. All subsequent communications were actually between Anonymous and law enforcement agents - not Symantec. This was all part of their investigative techniques for these types of incidents.

Symantec was not immediately able to confirm whether the source code torrent was genuine.

The Lords of Dharmaraja previously released code snippets as proof of their hack, which Symantec initially blamed on a "third party" before admitting that older versions of its security software had been swiped from its own servers in a previously undetected hack dating back to 2006. ®
