Symantec told a hacker group that it was willing to pay $50,000 to keep the source code for some of its flagship products off the internet. The company confirmed this to CNET last night.
CNET wrote: “An e-mail exchange revealing the extortion attempt posted to Pastebin (see below) today shows a purported Symantec employee named Sam Thomas negotiating payment with an individual named ‘Yamatough’ to prevent the release of PCAnywhere and Norton Antivirus code. Yamatough is the Twitter identity of an individual or group that had previously threatened to release the source code for Norton Antivirus.”
“We will pay you $50,000.00 USD total,” Thomas said in an e-mail dated Thursday. “However, we need assurances that you are not going to release the code after payment. We will pay you $2,500 a month for the first three months. Payments start next week. After the first three months you have to convince us you have destroyed the code before we pay the balance. We are trusting you to keep your end of the bargain.”
Symantec confirmed the extortion attempt, saying: “In January an individual claiming to be part of the ‘Anonymous’ group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.”
Apparently talks broke down when the subjects of proof of code and transferring payment were brought up. AnonymousIRC tweeted last night that it would soon release the data. “#Symantec software source codes to be released soon. stay tuned folks!!! #Anonymous #AntiSec #CockCrashed #NortonAV.”
You can read more about the email exchanges over at CNET.
Kitguru says: Does it make you lose faith in a security company that is being held to ransom by hackers? After all, if they can’t look after their own source code, can they be trusted to look after your computer?