Hackers spunk 'pcAnywhere source' after negotiation breakdown

'Fed posing as Symantec worker' offered $50k to activists

Hacktivists affiliated with Anonymous uploaded what they claim is the source code of Symantec's pcAnywhere software early on Tuesday, following the breakdown of negotiations between the hacking group and "a federal agent posing as a Symantec employee".

Symantec has confirmed that a dialogue had taken place between the hacktivists and "a law enforcement official", saying it had turned the case over to the Feds as soon as the hackers had contacted it.

The release of the 1.27GB file as a torrent coincides with the breakdown of the "negotiations" – which the group has now published on Pastebin – that took place between "Symantec" and YamaTough, spokesperson of hacker group Lords of Dharmaraja. Lords of Dharmaraja are an Indian hacking crew affiliated with Anonymous' Op AntiSec that claimed to have obtained access to the source code of pcAnywhere and other security software products from the security giant.

Taken at face value, the dialogue suggests that "Symantec" was prepared to offer payment of $50,000 (in instalments) on condition that the Lords of Dharmaraja were able to provide assurances that they had destroyed the source code in their possession and made a statement that the hack they claimed against Symantec was a lie.

LoD claims it turned down $50k offer for the code

The purported Symantec spokesperson, who used a Gmail account, at one point tried to persuade the hackers to upload a source code sample via an FTP server, a suggestion the hackers dismissed out of hand as a ruse designed to trick them into revealing their IP address.

The protracted negotiations involved much talk about payment methods, with the Lords of Dharmaraja insisting on payment by Liberty Reserve or via bank accounts in Lithuania and Latvia. "Symantec" offered to pay $1,000 via PayPal, an offer the AntiSec-affiliated hackers quickly rejected.

At several points the Lords of Dharmaraja set deadlines for a response that "Symantec" then said it was unable to meet – supposedly because of the difficulty of reaching a quick decision in a corporate environment. Three weeks into the dialogue, the Lords of Dharmaraja and "Symantec" were still miles apart in terms of the negotiations. The hackers apparently became bored with the discussion and released both the dialogue and the source code.

"Since no code yet being released and our email communication wasn't also released we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START this time we've made mirrors so it will be hard for you to get rid of it," the hacktivists said in their final message on Monday.

A search on torrent sites suggests that only the code for pcAnywhere and Norton Antivirus has been released. Whether the code released is the genuine deal remains unconfirmed. Searches for either item may become contaminated with malicious links or malware, like any newsworthy item, something that has nothing to do with the activists, Symantec or the FBI.

In a statement, Symantec said that the Lords of Dharmaraja had actually been in dialogue with a law enforcement official rather than a representative of the security giant. It said it had turned the matter over to an unspecified agency as soon as it was clear the hackers wanted to extort payment in return for holding off on the release of its source code. The hackers claim they were offering Symantec first refusal on something they would otherwise auction off.

In January an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.

The e-mail string posted by Anonymous was actually between them and a fake e-mail address set up by law enforcement. Anonymous actually reached out to us, first, saying that if we provided them with money, they would not post any more source code. At that point, given that it was a clear cut case of extortion, we contacted law enforcement and turned the investigation over to them. All subsequent communications were actually between Anonymous and law enforcement agents - not Symantec. This was all part of their investigative techniques for these types of incidents.

Symantec was not immediately able to confirm whether the source code torrent was genuine.

The Lords of Dharmaraja previously released code snippets as proof of their hack, which Symantec initially blamed on a "third party" before admitting that older versions of its security software had been swiped from its own servers in a previously undetected hack dating back to 2006. ®
