Symantec source code posted to BitTorrent

By on

Symantec warns of pending breaches.

Hackers have posted source code for Symantec's pcAnywhere to BitTorrent following a failed extortionist attempt last month.

The 2006 version pcAnywhere code was uploaded to a 1.27Gb file and was shared by hundreds of users.  

Symantec said it expected the hacking group to post code for the 2006 version of Norton Internet Security, and the now defunct Norton Antivirus Corporate Edition and Systemworks.  

"We can confirm that the source code has been posted and is legitimate,” the company said in a statement.

"Be advised, we also anticipate Anonymous to post the rest of the code they have claimed to have in their possession.

"We have been conducting direct outreach to our customers since 23 January to reiterate that, in addition to applying all relevant patches that have been released, we’ve also counseled customers to ensure that pcAnywhere version 12.5 is installed, and follow general security best practices."

The January extortion was revealed this week when a hacker using the alias YamaTough demanded $US50,000 ($A46,683) from Symantec to destroy the stolen source code and make a public statement denying that he/she stole the data.

A string of emails posted to pastebin by the hacker revealed the exchange between a purported Symantec employee and YamaTough.

Symantec’s US headquarters said the exchange was part of a coordinated investigation with law enforcement to catch the extortionist.

The Gmail address used to contact the hacker was established and run by police, Symantec said.

“Anonymous actually reached out to us, first, saying that if we provided them with money, they would not post any more source code. At that point, given that it was a clear cut case of extortion, we contacted law enforcement and turned the investigation over to them."

"All subsequent communications were actually between Anonymous and law enforcement agents – not Symantec. This was all part of their investigative techniques for these types of incidents.”

Symantec said it could not comment further because the police investigation was ongoing.

“We are not going to disclose the law enforcement agencies involved and have no additional information to provide.”

In the leaked email conversation, Symantec appeared to offer to wire the hacker $US1000 ($A933) as “a sign of good faith”, and pay the remaining $US50,000 in $US2500 ($A2333) installments.

Copyright © SC Magazine, Australia


Most Read Articles

Log In

|  Forgot your password?