Symantec admits source code published by Anonymous is genuine

Symantec is in an ongoing fight against hackers in the group Anonymous that last January attempted to extort a payment of around $50,000 (£30,000) from Symantec in exchange for not publicly posting stolen Symantec source code they had stolen for various older Symantec security products dating to 2006.

Late yesterday, hackers did release the source code for an older version of Symantec's pcAnywhere and Norton Internet Security by uploading it to The Pirate Bay. Symantec confirms this is legitimate Symantec source code, and Symantec spokesman Chris Paden says the concern now is that other code that Anonymous claims to have in its possession will soon be posted as well.

"Be advised, we also anticipate Anonymous to post the rest of the code they have claimed to have in their possession. So far, they have posted code for the 2006 version of Norton Internet Security and pcAnywhere. We anticipate that at some point, they will post the code for Norton Antivirus Corporate Edition and Norton Systemworks. Both products no longer exist."

Symantec says it foresees no immediate security issues if this source code is posted, since neither is supported any longer.

Symantec says it has been in contact with law enforcement since it received the extortion attempt. Some of what appears to be a sting operation was evident in an email string posted online by a person named Yamatough, a name similar to the an Indian hacker who is associated with the Lords of Dharmaraja group that earlier claimed to have source code to some Symantec products.

Email purporting to come from "Sam Thomas," appearing to be a Symantec employee but using a Gmail address, offered to pay $50,000 but wanted assurances that the hacker wouldn't release the source code after payment. "Sam Thomas" offered to pay $2,500 a month for the first three months, with payments starting next week.

Yamatough apparently rejected that offer stating, "our offshore people won't let us securely get the money because they won't process amounts less than 50K a shot". He gave "Sam Thomas" 10 minutes to decide whether to pay, and "Sam Thomas" relayed he needed more time. After that, the source code to the older versions of pcAnywhere and Norton Antivirus was publicly posted.

Symantec's Chris Paden says the email string posted by Anonymous was actually between them and a fake email address set up by law enforcement. Symantec says after it got the extortion attempt in January, it contacted law enforcement and turned the investigation over to them. So any email communications seen in the drama unfolding have actually been between Anonymous and law enforcement agents, not Symantec. "This was all part of their investigative techniques for these type of incidents," Paden says.

The threat from Anonymous to post the pcAnywhere source code has had Symantec in high gear the last few weeks, releasing patches since January 23 "to protect users against attacks that might transpire as a result of the code being made public," the security firm says.

"We have been conducting direct outreach to our customers since January 23rd to reiterate that, in addition to applying all relevant patches that have been released, we've also counseled customers to ensure that pcAnywhere version 12.5 is installed, and to follow general security practices."

Symantec says it has not yet determined how the hackers exactly obtained the cache of older source code they now have.

"It is part of an original cache of code for 2006 versions of the products," Paden states. "We still have not determined how Anonymous came into possession of the 2006 source code." He adds the investigation by both Symantec and its partners in the law enforcement community (which it declines to name) is still ongoing.