* Code for pcAnywhere published
* Symantec says customers safe
* More releases expected
By Joseph Menn and Frank Jack Daniel
Feb 7 A hacker released the source code
for antivirus firm Symantec's pcAnywhere utility on Tuesday,
raising fears that others could find security holes in the
product and attempt takeovers of customer computers.
The release followed failed email negotiations over a
$50,000 payout to the hacker calling himself YamaTough to
destroy the code.
The email thread was published on Monday, but the hacker and
the company said their participation had been a ruse. YamaTough
said he was always going to publish the code, while Symantec
said law enforcement had been directing its side of the
The negotiations also might have bought Symantec time while
it issued fixes to the pcAnywhere program, which allows
customers to access their desktop machines from another
"Symantec was prepared for the code to be posted at some
point and has developed and distributed a series of patches
since Jan. 23rd to protect our users against known
vulnerabilities," said company spokesman Cris Paden.
Symantec had taken the extraordinary step of asking
customers to stop using the software temporarily until it
readied the patches. It issued fixes for "known vulnerabilities"
in version 12.5 of the software on Jan. 23 and fixes for
versions 12.0 and 12.1 on Friday Jan. 27.
Paden said that Symantec had contacted its customers and
that it had not lost any customers. He said that if they were
running up-to-date, patched versions they should not face
Symantec also expects hackers to release other source code
in their possession, 2006 versions of Norton Antivirus Corporate
Edition and Norton Internet Security. "As we have already stated
publicly, this is old code, and Symantec and Norton customers
will not be at an increased risk as a result of any disclosure,"
The emails over the $50,000 payoff was widely circulated,
with some mocking the world's largest standalone security
company for its apparent attempt to buy protection.
But the company said the emails were in fact between the
hacker and law enforcement officials posing as a Symantec
"The communications with the person(s) attempting to extort
the payment from Symantec were part of the law enforcement
investigation ," Paden said, adding that no money was
Paden declined to name the law enforcement agency, saying it
could compromise the investigation.
Symantec had previously confirmed the hacker, part of a
group called Lords of Dharmaraja and affiliated with Anonymous,
was in possession of source code for its products, obtained in a
2006 breach of the company's networks.
The email exchange released by the hacker, who claims to be
based in Mumbai, India, shows drawn-out negotiations with a
purported Symantec employee starting on Jan. 18.
The email negotiations echoed conversations in past years,
viewed by Reuters, in which police agencies directed talks
between victims and hackers.
"We can't pay you $50,000 at once for the reasons we
discussed previously," said one email from a purported Symantec
employee Sam Thomas, who offered to pay the full amount at a
"In exchange, you will make a public statement on behalf of
your group that you lied about the hack."
A common tactic of the FBI and others investigating
extortionists and kidnappers is to seek to break down the amount
of money sought by the suspects into multiple smaller payments.
This stretches out the negotiation, giving authorities more
insight into the suspect and more time in which to make an
arrest. It also lessens the risk to any victim inclined to pay
the entire amount demanded.
Most important, it creates more transactions, each one of
which provides a trail of records and human beings that can be
traced as the police seek their quarry.
The hacker said he never intended to take the
"We tricked them into offering us a bribe so we could
humiliate them," YamaTough told Reuters.
In recent weeks, the hacker has posted segments of code for
Norton Utilities and other programs. A software maker's
intellectual property, specifically its source code, is its most
Symantec's Norton Internet Security is among the most
popular software available to stop viruses, spyware, and online