Hacker leaks Symantec source code after failed negotiation

09 Feb 2012

As part of a sting operation, Symantec told a hacker group that it would pay $50,000 to keep the source code for some of its flagship security products from being made public over the internet, CNET  said on Monday.

An e-mail exchange, posted to Pastebin, reveals the extortion attempt with a purported Symantec employee called Sam Thomas negotiating payment with an individual named "Yamatough". The exchange pertains to anti-virus code of PCAnywhere and Norton Antivirus code. Yamatough, is a Twitter identity, said to be belong to an individual or group that had previously threatened to release the source code for Norton Antivirus.

"We will pay you $50,000.00 USD total," Thomas said in an e-mail dated last Thursday. "However, we need assurances that you are not going to release the code after payment. We will pay you $2,500 a month for the first three months. Payments start next week. After the first three months you have to convince us you have destroyed the code before we pay the balance. We are trusting you to keep your end of the bargain."

In a statement, a Symantec employee revealed the extortion attempt to CNET: "In January an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code the group claimed to have in its possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement agencies, given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide."

However, after weeks of discussions regarding proof of code and how to transfer payment, talks broke down and the deal was never completed. A group called AnonymousIRC tweeted on Monday evening that it would soon release the data. "#Symantec software source codes to be released soon. stay tuned folks!!! #Anonymous #AntiSec #CockCrashed #NortonAV."

Following weeks of discussions, Yamatough's patience was beginning to wear out, which led him to issue an ultimatum: "If we dont hear from you in 30m we make an official announcement and put your code on sale at auction terms. We have many people who are willing to get your code. Dont f*** with us."