Symantec confirms hacker extortion attempt

A hacker threatened to release security software source code unless Symantec paid up. Photo / Thinkstock
A hacker threatened to release security software source code unless Symantec paid up. Photo / Thinkstock

Computer security firm Symantec confirmed it tried to turn the tables on hackers who threatened to release stolen source code if a demand for US$50,000 was not met.

An email exchange posted online at pastebin.com revealed how Symantec negotiated with "Yamatough," a supposed affiliate of hacker group Anonymous, to pay an extortion demand.

"The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation," the firm said in a released statement.

"Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide."

No money ever changed hands.

Symantec recommended in January that users of its pcAnywhere software disable the product following the theft of source code from the California-based security firm.

Symantec subsequently said that the latest release of the software is defended from attack and released an upgrade to protect older versions.

Symantec, in a technical white paper posted in January on the firm's website, said the vulnerability to pcAnywhere, which allows for remote PC to PC connections, was the result of a 2006 theft of source code by hackers.

"We believe that source code for the 2006-era versions of the following products was exposed: Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere," Symantec said.

The only identified threat, however, was to pcAnywhere and not any of the Norton products.

- AFP

© Copyright 2014, APN New Zealand Limited

Assembled by: (static) on production bpcf05 at 23 Dec 2014 09:46:25 Processing Time: 444ms