Skip to main content [aditude-amp id="stickyleaderboard" targeting='{"env":"staging","page_type":"article","post_id":387331,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,security,","session":"A"}']

Hackers leak Symantec source code after failed $50,000 extortion sting

Hackers leak Symantec source code after failed $50,000 extortion sting

Anonymous masksA group of Indian hackers leaked what appears to be stolen source code from the antivirus company Symantec Monday night, following a month of fruitless negotiations.

Symantec admitted yesterday that it’s been involved with a sting operation by law enforcement centering on a $50,000 extortion attempt from the hackers, who call themselves the Lords of Dharamaja. After those discussions fell through yesterday, the hackers released 1.27 gigabytes of what they claim to be Symantec source code onto Bittorrent.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":387331,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,security,","session":"A"}']

Symantec admitted that its source code was stolen back in January, but it said at the time that no consumer data was exposed. The hackers released the code behind Norton Internet Security 2006 shortly afterwards and eventually demanded money from the company to keep the rest of its source code private.

“When they came to us with what was for all intents and purposes extortion, we went to law enforcement,” Chris Paden, a spokesperson for Symantec told Forbes. “From that point on, we turned over the investigation to them.”

AI Weekly

The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.

Included with VentureBeat Insider and VentureBeat VIP memberships.

Negotiations surrounding the extortion attempt were revealed yesterday in a lengthy e-mail chain between Symantec employee Sam Thomas and a hacker calling himself “YamaTough,” which was posted on the document sharing site Pastebin. At first glance, the e-mails appear to show Symantec trying to pay off the hackers, but in truth Sam Thomas was a false name used by law enforcement to trace the hackers, Paden said.

“Anonymous has been talking to law enforcement, not to us,” Paden told Forbes. “No money was exchanged, and there was never going to be any money exchanged. It was all an effort to gather information for the investigation.”

As for the leaked code, which appears to be from Symantec’s PCAnywhere software, Paden said the company is still analyzing what was uploaded, but that consumers should be safe to use current versions of PCAnywhere.

Anonymous image via Shutterstock

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More

Explore

None Business Security