UPDATE 1-Hacker releases Symantec source code

Tue Feb 7, 2012 6:25pm EST

* Code for pcAnywhere published

* Symantec says customers safe

* More releases expected

By Joseph Menn and Frank Jack Daniel

Feb 7 (Reuters) - A hacker released the source code for antivirus firm Symantec's pcAnywhere utility on Tuesday, raising fears that others could find security holes in the product and attempt takeovers of customer computers.

The release followed failed email negotiations over a $50,000 payout to the hacker calling himself YamaTough to destroy the code.

The email thread was published on Monday, but the hacker and the company said their participation had been a ruse. YamaTough said he was always going to publish the code, while Symantec said law enforcement had been directing its side of the talks.

The negotiations also might have bought Symantec time while it issued fixes to the pcAnywhere program, which allows customers to access their desktop machines from another location.

"Symantec was prepared for the code to be posted at some point and has developed and distributed a series of patches since Jan. 23rd to protect our users against known vulnerabilities," said company spokesman Cris Paden.

Symantec had taken the extraordinary step of asking customers to stop using the software temporarily until it readied the patches. It issued fixes for "known vulnerabilities" in version 12.5 of the software on Jan. 23 and fixes for versions 12.0 and 12.1 on Friday Jan. 27.

Paden said that Symantec had contacted its customers and that it had not lost any customers. He said that if they were running up-to-date, patched versions they should not face increased risk.

Symantec also expects hackers to release other source code in their possession, 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security. "As we have already stated publicly, this is old code, and Symantec and Norton customers will not be at an increased risk as a result of any disclosure," Paden said.

The emails over the $50,000 payoff were widely circulated, with some mocking the world's largest standalone security company for its apparent attempt to buy protection.

But the company said the emails were in fact between the hacker and law enforcement officials posing as a Symantec employee.

"The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation," Paden said, adding that no money was paid.

Paden declined to name the law enforcement agency, saying it could compromise the investigation.

Symantec had previously confirmed the hacker, part of a group called Lords of Dharmaraja and affiliated with Anonymous, was in possession of source code for its products, obtained in a 2006 breach of the company's networks.

The email exchange released by the hacker, who claims to be based in Mumbai, India, shows drawn-out negotiations with a purported Symantec employee starting on Jan. 18.

The email negotiations echoed conversations in past years, viewed by Reuters, in which police agencies directed talks between victims and hackers.

"We can't pay you $50,000 at once for the reasons we discussed previously," said one email from a purported Symantec employee Sam Thomas, who offered to pay the full amount at a later date.

"In exchange, you will make a public statement on behalf of your group that you lied about the hack."

A common tactic of the FBI and others investigating extortionists and kidnappers is to seek to break down the amount of money sought by the suspects into multiple smaller payments.

This stretches out the negotiation, giving authorities more insight into the suspect and more time in which to make an arrest. It also lessens the risk to any victim inclined to pay the entire amount demanded.

Most important, it creates more transactions, each one of which provides a trail of records and human beings that can be traced as the police seek their quarry.

The hacker said he never intended to take the money.

"We tricked them into offering us a bribe so we could humiliate them," YamaTough told Reuters.

In recent weeks, the hacker has posted segments of code for Norton Utilities and other programs. A software maker's intellectual property, specifically its source code, is its most precious asset.

Symantec's Norton Internet Security is among the most popular software available to stop viruses, spyware, and online identity theft.

Comments (4)
daniel.davis wrote:
I work in computer repair and I can tell you that Symantec products just don’t work. The only thing they do is mess up your internet connection. They block legitimate applications and let the trojans in, granted it’s actually the user’s fault, but other antiviruses do a lot more to protect you.

I’ve found that security essentials is pretty good at active protection, while SuperAntiSpyware and MalwareBytes combined make a good removal tool.

See foolishit.com D7 is amazing.

Feb 07, 2012 6:46pm EST
gradkiss wrote:
What the individual left, as a signature that has more meaning than meets the normal eye…but then everything does follow the same principle or protocol here upon Earth…even the politicians do and only abuse the facts. The author of the message reminds me of someone that has their head turned on and working better than the politically inspired minds…yet the psychiatrists have a list of things readied along with the laws employed in the Congress of the United States…
I actually do not think whoever it is, has it out for Symantec at all…it’s probably for the NSA.
Symantec…no doubt will find innovation will remedy the situation.
You know Norton and other companies have not done as well as some would think in the US, with a government overseeing everything like they do there for political reasons…and Microsoft products historically such an easy target….
Maybe Symantec can write the event off as a tax deduction for about 5 years straight or something. Many people do not realize it…but you should never pump gas into your vehicle without first itemizing the actual tax and deducting it from your income taxes….down to the 1 tenth cent. Parking meters should grant you a receipt too…so you can itemize your business expenses. Protection costs today are sky high!
The Pentagon used to infect computers…but now the NSA is the head dog in the ongoing cyber war…that apparently the NSA does not have a chance of losing.
Everyone have a great day…

Feb 07, 2012 7:23pm EST
kcwilsonii wrote:
people still use Symantec?

Feb 07, 2012 7:25pm EST