Connect to share and comment

'Anonymous' hackers release Symantec code onto the web

Hackers claiming to be part of the Anonymous group demanded $50,000 from Symantec before releasing stolen source code onto the web.

Symantec anonymous Norton Anti-virus  Enlarge
Boxes of Norton Anti-virus software by Symantec are displayed alongside McAfee security software on a shelf at a Target store August 19, 2010 in Colma, California. (Justin Sullivan/AFP/Getty Images)

Hackers claiming to be part of the Anonymous group demanded $50,000 from Symantec, the biggest maker of anti-virus software, before releasing stolen source code for several Symantec products onto the web.

The group, calling itself Lords of Dharmaraja, has been taunting Symantec for weeks in online forums, according to Bloomberg.

Symantec said that it then mounted a sting operation run by an undisclosed law enforcement agency, communicating with the hackers via email. 

According to the New York Times:

Cris Paden, a Symantec spokesman, said that shortly after the hackers posted that initial source code, a hacker using the name Yamatough, who claimed to represent Anonymous, contacted the company via email.

"Anonymous actually reached out to us first, saying that if we provided them with money, they would not post any more source code," Paden said. "At that point, given that it was a clear-cut case of extortion, we contacted law enforcement and turned the investigation over to them."

Reuters wrote that an email exchange released by the hacker, who claims to be based in Mumbai, India, shows drawn-out negotiations with a purported Symantec employee starting on January 18.

On Monday night, 1.27 gigabytes of Symantec source code appeared on The Pirate Bay, a file sharing site, and by Tuesday it had been shared hundreds of times, the Times wrote.

Symantec confirmed that the code posted was real and said it stolen in a 2006 breach of its network.

The release has raised fears that others could find security holes in Symantec products and attempt takeovers of customer computers.

However, the Mountain View, California-based company said most of the code was for obsolete products, limiting the potential damage from a disclosure, Bloomberg reported.

Forbes, which first reported the story, wrote Tuesday that after tense negotiations in which law enforcement posed as Symantec executives, "the hostage is dead."

http://www.globalpost.com/dispatch/news/business-tech/120207/anonymous-symantec-yamatough-source-code-extortion-virus-security