by Steven Musil
As part of a sting operation, Symantec told a hacker group that it would pay $50,000 to keep the source code for some of the its flagship security products off the Internet, the company confirmed to CNET this evening.
An e-mail exchange revealing the extortion attempt posted to Pastebin (see below) today shows a purported Symantec employee named Sam Thomas negotiating payment with an individual named “Yamatough” to prevent the release of PCAnywhere and Norton Antivirus code. Yamatough is the Twitter identity of an individual or group that had previously threatened to release the source code for Norton Antivirus.
“We will pay you $50,000.00 USD total,” Thomas said in an e-mail dated Thursday. “However, we need assurances that you are not going to release the code after payment. We will pay you $2,500 a month for the first three months. Payments start next week. After the first three months you have to convince us you have destroyed the code before we pay the balance. We are trusting you to keep your end of the bargain.”
A Symantec representative confirmed for CNET the extortion attempt in this statement:
In January an individual claiming to be part of the ‘Anonymous’ group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.
However, after weeks of discussions regarding proof of code and how to transfer payment, talks broke down and the deal was never completed. A group called AnonymousIRC tweeted this evening that it would soon release the data. “#Symantec software source codes to be released soon. stay tuned folks!!! #Anonymous #AntiSec #CockCrashed #NortonAV.”
Apparently after weeks of discussions, Yamatough’s patience was wearing thin, leading to an ultimatum:
“If we dont hear from you in 30m we make an official announcement and put your code on sale at auction terms. We have many people who are willing to get your code. Dont f*** with us.”
The exchange gets contentious at times, with Yamatough suggesting that Symantec was trying to track the source of the e-mails.
“If you are trying to trace with the ftp trick it’s just worthless. If we detect any malevolent tracing action we cancel the deal. Is that clear? You’ve got the doc files and pathes [sic] to the files. what’s the problem? Explain.”
Another e-mail, with the subject line “say hi to FBI,” accuses the company of being in contact with the federal law enforcement agency, a charge Thomas denied. “We are not in contact with the FBI,” he wrote, falsely. “We are using this email account to protect our network from you. Protecting our company and property are our top priorities.”
Yamatough demanded that Symantec transfer the money via Liberty Reserve, a payment processor based in San Jose, Costa Rica. But Thomas appears reluctant, calling it “more complicated than we expected.” Thomas instead suggests using PayPal to transmit a $1,000 test as “a sign of good faith.” Yamatough rejects that offer, saying, “Do not send us any money (we do not use paypal period) do not send us any 1k etc. We can wait till we agree on final amount.”
Liberty Reserve did not immediately respond to a request for comment.
The posted thread ends with an exchange today with the subject line “10 minutes” that threatens to release the code immediately if Symantec doesn’t agree to use the payment processor to transfer the funds.
“Since no code yet being released and our email communication wasnt also released we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START this time we’ve made mirrors so it will be hard for you to get rid of it.”
Thomas’ response, apparently the last of the discussion, is brief: “We can’t make a decision in ten minutes. We need more time.”