Symantec Confirms Extortion Attempt

    February 7, 2012

Hackers using the Twitter Handle @YamaTouigh have been tweeting about Symantec and its Norton antivirus product throughout January claiming that they will be releasing the source codes for the security product. Earlier this week Symantec confirmed that they have been the victims of an attempted extortion by @YamaTough, who claims to be affiliated with the ‘anonymous’ group.

A Symantec representative commented on the attempt:

In January an individual claiming to be part of the ‘Anonymous’ group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide”.

Here are some segments from the impatient ‘Anonymous’ @YamaTough hacker as he negotiates the $50,000 demanded payment from a Symantec employee:

“If you are trying to trace with the ftp trick it’s just worthless. If we detect any malevolent tracing action we cancel the deal. Is that clear? You’ve got the doc files and pathes [sic] to the files. what’s the problem? Explain.”

“If we dont hear from you in 30m we make an official announcement and put your code on sale at auction terms. We have many people who are willing to get your code. Dont f*** with us.”

Apparently, the Hackers were on to Symantec for contacting higher authorities but never the less continued in their negotiations until they finally cut contact with the Symantec employee who claimed they needed more time:

“Since no code yet being released and our email communication wasnt also released we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START this time we’ve made mirrors so it will be hard for you to get rid of it.”

Symantec insists that users of their products are not under any significantly higher risk of attack due to the theft however; Symantec asked its PCAnywhere users to disable the product until the company could issue a software update. They assure clients that this will protect them against attacks resulting from the theft of the source code.