Explosive allegations have surfaced on a public pastebin entry detailing a hacker's attempt to extort funds from Symantec after stealing source code from PC Anywhere and Norton SystemWorks.
The pastebin entry, yet to be verified by Symantec, reveals a Symantec employee offering to pay US$50,000 ($A46,683) to a hacker operating under the handle YamaTough to destroy stolen source code and make a public statement denying that he/she stole the data.
Symantec’s US headquarters could not comment on the claims at the time of publication.
The upload includes full email header information detailing a lengthy exchange between alleged Symantec employee "Sam Thomas" and the Indian hacker.
The entry details an exchange between 17 January and 6 February. The hacker continually demanded that the security giant wire the money through payment processor Liberty Reserve.
According to the leaked email conversation, Symantec offered to wire the hacker $US1000 ($A933) as “a sign of good faith”, and pay the remaining $US50,000 in $US2500 ($A2333) installments. The installments were promised because Symantec claimed it could not wire the entire amount at once and wanted to ensure the hacker wouldn't publish the source code after being paid.
The Symantec employee promised the hacker the company was “not in contact with the FBI” and added that “protecting our company and property are our top priorities”.
“We can't pay you $50,000 at once for the reasons we discussed previously. We can pay you $2,500 per month for the first three months. In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated). Once that's done, we will pay the rest of the $50,000 to your account and you can take it all out at once. That should solve your problem.
“Obviously you still have our code so if we don't follow through you still have the upper hand.”
The hacker claimed to have stolen the source code from Indian Government agencies in order to undermine the state. In an interview with InfoSec Island, YamaTough apologised to Symantec and said the theft was collateral damage. Motives appear to have shifted.
SC Magazine contacted the hacker using an email address included in the pastebin file. Again, the authenticity of this address cannot be independently verified. The respondent, claiming to be YamaTough, said he never intended to take the money and did it only to humiliate the company.
“No, no money was wired and we did not intend to. Our goal was to play with them and see how they behave so to get [sic] the nature of their sick attitude to customers. We tricked them into a deal so to make it public later,” the reply said.
“We don’t need their money. We are a huge force and have supporters and we make a decent living. We don’t need their dirty money. Emails uploaded to humiliate them [sic] tricky and selfish pigs.”
SC had not yet received a response after questioning the author of the email about the apparent contradiction between the public apology and the extortion attempt.
The respondent said the email account was the “official” account of the Lords of Dharmaraja (Kings) hacking group, to which YamaTough belongs. The respondent also claimed the header information was genuine. The headers pointed to an external Gmail account allegedly used by Symantec and an internal Symantec email address.
More to come.