After Extortion Attempt, Hacker Releases Symantec Source Code
February 8, 2012

After Extortion Attempt, Hacker Releases Symantec Source Code

Source code belonging to Symantec Corporation that had been stolen in 2006 and held for ransom over the past month has been released by a group apparently associated with the hacking collective Anonymous.

Symantec recently confirmed to CNET that law enforcement posing as employees of the antivirus firm had been in contact with a hacker known as Yamatough, who tried to get $50,000 out of the company to keep the code private. Negotiations, which transpired between the hacker and a person known as Sam Thomas -- viewable at -- failed after weeks of heated emails, and the hacker told Symantec that he would release the code.

Hackers with the group Lords of Dharamaja, part of the Anonymous collective, leaked about 1.27gb of Symantec´s source code Monday night. They claim the code is for Symantec´s PCAnywhere program.

Meanwhile, Symantec said the source code was for 2006 products and has since updated its products with newer source code. But to be safe, the company said it had contacted customers in recent weeks to get them to apply software upgrades that could address any known security issues.

As previously reported on, emails between law enforcement and Yamatough were a ploy to try to trace the hacker and expose his operation. Once the negotiations failed, however, the code went public.

The negotiations also may have bought Symantec some time to address issues to its PCAnywhere program.

“Symantec was prepared for the code to be posted at some point and has developed and distributed a series of patches since January 23rd to protect our users against known vulnerabilities,” company spokesman Cris Paden told Joseph Menn and Frank Jack Daniel of Reuters.

Symantec said the revealed source code is most likely only one of many 2006 codes the hacking collective has in its possession, and more will probably be released in time, including those for Norton Antivirus Corporate Edition and Norton Internet Security.

“As we have already stated publicly, this is old code, and Symantec and Norton customers will not be at an increased risk as a result of any disclosure,” Paden added.

The email chain involving a $50,000 payoff was widely circulated, and some even mocked the antivirus giant for its attempt to buy protection.

But Symantec made it clear that it was law enforcement that was in contact with the hacker the whole time and no money had ever been planned to actually be paid. In fact, Paden said, “Sam Thomas” was a false name created by law enforcement who pretended to pursue the negotiations only in an attempt to trace the hackers. The entire conversation was a ruse.

Paden declined to name the law enforcement agency involved, saying it could compromise the investigation.

Yamatough, apparently fed up with the negotiations and growing impatient, decided to post the code Monday night, which is available on bittorrent.

He said he had never intended to take the money offered. But did tell Reuters that his group “tricked them [Symantec] into offering us a bribe so we could humiliate them.”

Paden said the company is analyzing the leaked code, but given that it was years out of date, the company´s recent patches should protect users of its software.

“We´re able to say with high confidence, any type of cyber attacks generated by this attack would have old characteristics and look like an attack from 2006 that can easily be stopped using current versions of our solutions,” said Paden. “Our customers are protected.”

Paden said he cannot comment as to whether law enforcement had any success in tracing the hackers, and added that the investigation is ongoing. “As to what happens next, we´re not sure,” he concluded.


On the Net: