Symantec expects Anonymous to publish more stolen source code

Confirms that BitTorrent file is pcAnywhere's source code after sting operation fails

Symantec today confirmed that the pcAnywhere source code published on the Web Monday by hackers who tried to extort $50,000 from the company was legitimate.

A company spokesman also said that Symantec expects that the rest of the source code stolen from its network in 2006 will also be made public.

Symantec's acknowledgement followed the appearance late Monday of a 1.3GB file on various file-sharing websites, including Pirate Bay, that claimed to be the source code of the pcAnywhere remote-access software.

Download activity for the BitTorrent file has been moderately brisk: As of mid-morning Tuesday, Pirate Bay identified 376 "seeders," the term for a computer that has a complete copy of the file -- and about 200 "leechers," or computers that have downloaded only part of the complete torrent.

The Anonymous hacking group claimed responsibility for posting the pcAnywhere source code.

"We can confirm that the source code is legitimate," said Cris Paden, a spokesman for Symantec, in an email reply to questions. "It is part of the original cache of code for 2006 versions of the products that Anonymous has claimed to have been in possession during the last few weeks."

Also on Monday, an individual or group going by the name "Yama Tough" had published a series of emails on Pastebin that detailed an attempt to extort $50,000 from Symantec.

Previously, Yama Tough had claimed responsibility for stealing the source code to pcAnywhere and other Symantec security software. At one point, Yama Tough had threatened to publish the source code, but then recanted.

The Pastebin-posted emails covered negotiations between Yama Tough and someone identified as "Sam Thomas," supposedly a Symantec employee, over payment for not disclosing the source code. In fact, Thomas was a pseudonym used by U.S. authorities, whom Symantec had alerted to the threat.

"In January, an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession," said Paden. "Symantec conducted an internal investigation into this incident and also contacted law enforcement, given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation."

Paden declined to identify the law enforcement agency, but the Federal Bureau of Investigation (FBI) has jurisdiction in extortion attempts that affect foreign or interstate commerce.

The negotiations went on for nearly a month -- the emails began on Jan. 18 -- but broke down when Yama Tough rejected Thomas' conditions, which included an offer of payments of $2,500 each month for the first three months, with the balance to be paid on proof that the copy of the stolen source code had been destroyed.

Yama Tough tried to spin a different story on Twitter.

"They've been tricked trolled into offering a bribe so the false statement be [sic] made we never had the code and lied =)," Yama Tough said yesterday in a tweet .

Symantec's Paden also said today that it expects Anonymous to shortly publish source code belonging to other products.

"We also anticipate Anonymous to post the rest of the code they have claimed have in their possession," Paden said. "So far, they have posted code for the 2006 version of Norton Internet Security and pcAnywhere. We also anticipate that at some point, they will post the code for Norton Antivirus Corporate Edition and Norton SystemWorks. Both products no longer exist."

Yama Tough promised that the source code for Norton Antivirus (NAV) Corporate Edition would hit the Web today. "NAV release coming in seven hours," Yama Tough said on Twitter about six hours ago.

Two weeks ago, Symantec took the unprecedented step of telling users of pcAnywhere to disable or uninstall the software until it could finish patching vulnerabilities it had uncovered. Symantec wrapped up that patching last week, and gave the all-clear to customers .

Symantec has also offered free upgrades to pcAnywhere 12.5 for users of editions prior to version 12.0.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer , on Google+ or subscribe to Gregg's RSS feed . His e-mail address is .

See more articles by Gregg Keizer .

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

More about AppleetworkFBIFederal Bureau of InvestigationGoogleMicrosoftNortonSymantecTopic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Gregg Keizer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts