[Infowarrior] - Fwd: Symantec code theft: Hackers 'attempted extortion'
Richard Forno
rforno at infowarrior.org
Tue Feb 7 11:22:09 CST 2012
Begin forwarded message:
> From: MM
>
>
> 7 February 2012 Last updated at 09:53 ET
> http://www.bbc.co.uk/news/technology-16927660
> Symantec code theft: Hackers 'attempted extortion'
>
> Hackers tried to extort money in exchange for keeping source code private, security firm Symantec has said.
>
> It comes as hackers made public emails from law enforcement agents posing as a Symantec employee.
>
> Officials pretended to be the security firm in order to "offer" the hackers $50,000 (£32,000).
>
> However, more source code has allegedly been released after negotiations apparently broke down.
>
> Symantec said it had contacted US law enforcement after being approached by the hackers last month.
>
> In a lengthy series of emails, law enforcement agents posed as a fake Symantec employee named Sam Thomas.
>
> The character was involved in lengthy email discussions with a hackers believed to be from India-based group the Lords of Dharmaraja, part of the wider Anonymous collective.
>
> Agents, posing as Sam, told the hackers: "We can pay you $2,500 per month for the first three months.
>
> "In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated).
>
> "Once that's done, we will pay the rest of the $50,000 to your account and you can take it all out at once. That should solve your problem."
>
> At one point, the hackers suspected FBI involvement, writing: "say hi to FBI agents".
>
> Stolen code
> By the end of the email discussion, negotiations began to stall.
>
> At 04:46 GMT on Tuesday, an account belonging to Anonymous suggested that more than a gigabyte of source code from the company's PC Anywhere software had been uploaded to torrent website The Pirate Bay.
>
> Symantec would not confirm that this was the case.
>
> "In January an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession," the company said in a statement.
>
> "Symantec conducted an internal investigation into this incident and also contacted law enforcement, given the attempted extortion and apparent theft of intellectual property.
>
> "The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation.
>
> "Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide."
>
> At risk
> Last month, users of PC Anywhere software were told by the company to disable its use where possible.
>
> The company confirmed that "old" source code stolen by the hackers had exposed vulnerabilities in the program which allows remote access to computers.
>
> Other programs affected include Norton Antivirus Corporate Edition, Norton Internet Security and Norton Systemworks (Norton Utilities and Norton Go Back).
>
> However, only PC Anywhere is said to be at risk. Symantec has been releasing patches and further information via its website.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://attrition.org/mailman/private/infowarrior/attachments/20120207/2edf6afa/attachment-0001.html>
More information about the Infowarrior
mailing list