Symantec verifies stolen source code posted by Anonymous is "legitimate"
- 08 February, 2012 06:29
Symantec is in an ongoing fight against hackers in the group Anonymous, who last January attempted to extort a payment of around $50,000 from Symantec in exchange for not publicly posting source code they had stolen for various older Symantec security products dating to 2006.
Late yesterday, hackers did release the source code for an older version of Symantec's pcAnywhere and Norton Internet Security by uploading it to The Pirate Bay website. Symantec confirms this is legitimate Symantec source code, and Symantec spokesman Chris Paden says the concern now is that other code that Anonymous claims to have in its possession will soon be posted as well.
"Be advised, we also anticipate Anonymous to post the rest of the code they have claimed to have in their possession. So far, they have posted code for the 2006 version of Norton Internet Security and pcAnywhere. We anticipate that at some point, they will post the code for Norton Antivirus Corporate Edition and Norton Systemworks. Both products no longer exist." Symantec foresees no immediate security issues if this source code is posted since neither is supported any longer.
Symantec says it has been in contact with law enforcement since it received the extortion attempt, and some of what appears to be a sting operation was evident in an e-mail string posted online by a person named Yamatough, a name similar to the Twitter handle of Yama Tough in Mumbai who is associated with the hacker group, Lords of Dharmaraja, that earlier claimed to have source code to some Symantec products.
E-mail purporting to come from "Sam Thomas," appearing to be a Symantec employee but using a Gmail address, offered to pay $50,000 but wanted assurances that the hacker wouldn't release the source code after payment. "Sam Thomas" offered to pay $2,500 a month for the first three months, with payments starting next week.
Yamatough apparently rejected that offer stating, "our offshore people won't let us securely get the money because they won't process amounts less than 50K a shot." He gave "Sam Thomas" 10 minutes to decide whether to pay, and "Sam Thomas" relayed he needed more time. After that, the source code to the older versions of pcAnywhere and Norton Antivirus was publicly posted.
Symantec's Chris Paden says the e-mail string posted by Anonymous was actually between them and a fake e-mail address set up by law enforcement. Symantec says after it got the extortion attempt in January, it contacted law enforcement "and turned the investigation over to them." So any e-mail communications seen in the drama unfolding have actually been between Anonymous and law enforcement agents - not Symantec. "This was all part of their investigative techniques for these type of incidents," Paden says.
The threat from Anonymous to post the pcAnywhere source code has had Symantec in high gear the last few weeks, releasing patches since Jan. 23 "to protect users against attacks that might transpire as a result of the code being made public," the security firm says. "We have been conducting direct outreach to our customers since Jan. 23rd to reiterate that, in addition to applying all relevant patches that have been released, we've also counseled customers to ensure that pcAnywhere version 12.5 is installed, and to follow general security practices."
Symantec says it has not yet determined exactly how the hackers obtained the cache of older source code they now have. "It is part of an original cache of code for 2006 versions of the products," Paden states. "We still have not determined how Anonymous came into possession of the 2006 source code." He adds the investigation by both Symantec and its partners in the law-enforcement community (which it declines to name) is still ongoing. "The incident is not resolved." This law-enforcement sting being the focus of press coverage isn't helping.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.