Feeds

Hackers spunk 'pcAnywhere source' after negotiation breakdown

'Fed posing as Symantec worker' offered $50k to activists

Providing a secure and efficient Helpdesk

Hacktivists affiliated with Anonymous uploaded what they claim is the source code of Symantec's pcAnywhere software early on Tuesday, following the breakdown of negotiations between the hacking group and "a federal agent posing as a Symantec employee".

Symantec has confirmed that a dialogue had taken place between the hacktivists and "a law enforcement official", saying it had turned the case over to the Feds as soon as the hackers had contacted it.

The release of the 1.27GB file as a torrent coincides with the breakdown of the "negotiations" – which the group has now published on Pastebin – that took place between "Symantec" and YamaTough, spokesperson of hacker group Lords of Dharmaraja. Lords of Dharmaraja are an Indian hacking crew affiliated with Anonymous' Op AntiSec that claimed to have obtained access to the source code of pcAnywhere and other security software products from the security giant.

Taken at face value, the dialogue suggests that "Symantec" was prepared to offer payment of $50,000 (in instalments) on condition that the Lords of Dharmaraja were able to provide assurances that the hackers destroyed source code in their possession and made a statement that the hack it claimed against Symantec was a lie.

pcanywhere_torrent_antisec

LoD claims it turned down $50k offer for the code

The purported Symantec spokesperson, who used a Gmail account, at one point tried to persuade the hackers to upload source code sample via an FTP server, a suggestion the hackers dismissed out of hand as a ruse designed to trick them into revealing their IP address.

The protracted negotiations involved much talk about payment methods, with the Lords of Dharmaraja insisting on payment by Liberty Reserve or via bank accounts in Lithuania and Latvia. "Symantec" offered to pay $1,000 via PayPal, an offer the AntiSec-affiliated hackers quickly rejected.

At several points the Lord of Dharmaraja set deadlines for response that "Symantec" then said it was unable to meet – supposedly because of the difficulty of reaching a quick decision in a corporate environment. Three weeks into the dialogue, the Lord of Dharmaraja and "Symantec" were still miles apart in terms of the negotiations. The hackers apparently became bored with the discussion and released both the dialogue and the source code.

"Since no code yet being released and our email communication wasn't also released we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START this time we've made mirrors so it will be hard for you to get rid of it," the hacktivists said in their final message on Monday.

A search on torrent sites suggests that only the code for pcAnywhere and Norton Antivirus has been released. Whether the code released is the genuine deal remains unconfirmed. Searches for either item may become contaminated with malicious links or malware, like any newsworthy item, something that has nothing to do with either the activists, Symantec or the FBI.

In a statement, Symantec said that the dialogue between the Lords of Dharmaraja actually took place with a law enforcement official rather than a representative of the security giant. It said it had turned the matter over to an unspecified agency as soon as it was clear the hackers wanted to extort payment in return for holding off on the release of its source code. The hackers claim they were offering Symantec first refusal on something they would otherwise auction off.

In January an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.

The e-mail string posted by Anonymous was actually between them and a fake e-mail address set up by law enforcement. Anonymous actually reached out to us, first, saying that if we provided them with money, they would not post any more source code. At that point, given that it was a clear cut case of extortion, we contacted law enforcement and turned the investigation over to them. All subsequent communications were actually between Anonymous and law enforcement agents - not Symantec. This was all part of their investigative techniques for these types of incidents.

Symantec was not immediately able to confirm whether the source code torrent was genuine.

The Lords of Dharmaraja previously released code snippets as proof of their hack, which Symantec initially blamed on a "third party" before admitting that older versions of its security software had been swiped from its own servers in a previously undetected hack dating back to 2006. ®

New hybrid storage solutions

More from The Register

next story
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.