Tuesday, February 7th 2012

Hackers Held Symantec to Ransom Over pcAnywhere Source Code Leak

Security software maker Symantec confirmed to the press that the group of hackers that obtained source code of its pcAnywhere software were holding it to ransom. The group claims to be linked to Anonymous. The group allegedly demanded US $50,000 from Symantec in return for destroying the source code it stole, on failing to pay it, the group threatened it would leak the source code to the public, which would expose the software to malware writers and competitors.

Symantec has apparently been in negotiations with the hacker group over preventing the leak, it even agreed to pay the group its "ransom", provided it could do so in monthly installments. The group declined, and the negotiations fell through. A transcript of this email conversation was posted on Pastebin (can be accessed here). The hackers claimed to have posted the source code of pcAnywhere (in a 2.3 GB RAR archive), on a popular bit-torrent site. In our opinion, extorting money is very un-Anonymous. Anonymous, being the self-proclaimed hacktivist group that it is, would post the source code "just for the lulz", without even getting into negotiations with Symantec.

Source: Hexus.net
Add your own comment

26 Comments on Hackers Held Symantec to Ransom Over pcAnywhere Source Code Leak

#1
btarunr
Editor & Senior Moderator
Many Thanks to the54thvoid for the tip.
Posted on Reply
#2
H82LUZ73
In January an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.

link to another article hexus.net/tech/news/industry/34901-symantec-held-ransom-pcanywhere-souce-code-leaked/ ,And yes the file is up at the site mentioned,good thing is no one will know what to do with it,Bad if they do....
Posted on Reply
#3
brandonwh64
Addicted to Bacon and StarCrunches!!!
HAHA, We use PC anywhere at work
Posted on Reply
#4
_ALB_R3D X
I think it's time to move to linux again...!Code is up everywhere...and has so many seeders which I think don't really know what they're d/l !
Posted on Reply
#5
H82LUZ73
by: brandonwh64
HAHA, We use PC anywhere at work
Is it from 2006 and up ?if yes you need to show this to your boss ASAP ,They have the code that decrypts the info ...be it sensitive work info Ie like your company credit cards to what your doing say making a RnD project that is government top secret,Imagine the CIA had there Black Ops profiles under PC anywhere,Hell all the bad guys would be getting the info and we would see mass assassinations.....
Posted on Reply
#6
NdMk2o1o
by: btarunr
Symantec has apparently been in negotiations with the hacker group over preventing the leak, it even agreed to pay the group its "ransom", provided it could do so in monthly installments
Stalling for time while the feds try and track said hackers or going under... you decide :p
Posted on Reply
#7
Easy Rhino
Linux Advocate
what a terrible group of human beings.
Posted on Reply
#9
Steevo
PcAnywhere is still in use? Even with VNC, VPN and rdc?
Posted on Reply
#10
etayorius
It isnt anonymous, they have stated many times they will never ask for money, its probably the Gov blaming it on Anonymous so they create an excuse to start controlling the internet.
Posted on Reply
#11
H82LUZ73
by: etayorius
It isnt anonymous, they have stated many times they will never ask for money, its probably the Gov blaming it on Anonymous so they create an excuse to start controlling the internet.
Uhm nope they really have more then just PCAnyWhere Here is the link from 06 http://it.slashdot.org/story/12/01/19/1541252/symantec-admits-its-networks-were-hacked-in-2006And a tidbit...."After having first claimed that the source code leaked by Indian hacking group Dharmaraja was not stolen through a breach of its networks, but possibly by compromising the networks of a third-party entity, Symantec backpedalled and announced that the code seems to have exfiltrated during a 2006 breach of its systems


Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere."

Also read (looking for link)They clearly said it was them with the above group..They are trageting the US law enforcement for the Mega Upload shutdown.....
Posted on Reply
#12
twicksisted
And here is a copy of the conversation between Symantec and Anonymous
http://pastebin.com/NEYbC2Zw
We can't pay you $50,000 at once for the reasons we discussed previously. We can pay you $2,500 per month for the first three months.
In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated).
Once that's done, we will pay the rest of the $50,000 to your account and you can take it all out at once. That should solve your problem.

Obviously you still have our code so if we don't follow through you still have the upper hand.
Posted on Reply
#13
Mega-Japan
Haha, I read the whole convo. Quite a good read if I might add.
Now I wish anonymous would go back to hacking SONY... Good times, good times.
Posted on Reply
#14
H82LUZ73
https://twitter.com/YamaTough

Enjoy they are saying that Symantec tried to pay them off ...lol yet they tweet they were going to release it if thy did not pay on Jan14.

AnonymousIRC
AnonymousIRC AnonymousIRC
by YamaTough
http://bit.ly/t7CUtZ | Anonymous hacked site of U.S. Security Company | #Antisec #LulzXmas
Posted on Reply
#15
TheMailMan78
Big Member
Anonymous backed down from the Mexican cartels. So from that I can assume they are just bullies that pick on people they know will not hurt them OR care about them. When they had a chance to do some REAL good they ran away. Any respect I had for them was lost when they turned tail and ran away. Apparently they do forgive and forget.
Posted on Reply
#16
Steevo
Mexican cartels are worse than what the FBI and Scotland yard will do? Probably.


Mexican cartels more intelligent than the FBI or Scotland yard? Probably not.
Posted on Reply
#17
TheMailMan78
Big Member
by: Steevo
Mexican cartels are worse than what the FBI and Scotland yard will do? Probably.


Mexican cartels more intelligent than the FBI or Scotland yard? Probably not.
So they pick on safe targets. Sounds like bullies to me. If they went after something like the cartels that are killing people left and right THEN I could get behind them. But no. They pick on soft targets that pose no threat AND are not in the wrong expect by a perceived social justice platform.
Posted on Reply
#18
a_ump
hmmm this is a very interesting development. Down with Norton at last!!! lol jk, sorta. I would think something this huge would've been on TV, to warn like everyone(civilians, companies, etc) about the huge security risk that Norton is hahaha. I find it funny than an AV that is the most reputable is now the biggest risk to one's network/pc, wrong but funny.
Posted on Reply
#19
digibucc
i don't know why you are assuming this to be anonymous. the hackers claimed to be them, that's it. it doesn't really follow their previous mo. i can understand the cartel bit as you say, but this imo has nothing to do with anonymous
Posted on Reply
#20
Bundy
Doesn't sound much like Anon to me. If they demanded the FBI throw a getting out of jail party for Kim Dotcom, that would be more typical of their humour. Anon works for the lulz and asking for 50K isn't funny.
Posted on Reply
#23
Depth
10 points to whoever can go to a public cafe, register a new hotmail account and attempt to blackmail corporations.
Posted on Reply
#24
IceCreamBarr
If this is Anonymous, GIVE IT BACK!!! I am relying on you to be the voice of honesty and reason over the internet. DON'T stoop this low.

If this is not Anonymous, can I suggest that Anonymous steal the software and hand it back to Symantec? This would be a HUGE pro publicity for the group. Much more good would come of this move than a measly $50,000.
Posted on Reply
#25
twicksisted
It is my understanding that Symantec tried to offer/bribe them with $50k to not release the information that they were hacked.
Posted on Reply
Add your own comment