HACKTIVIST GROUP Anonymous has lived up to its promise and released Symantec source code.
The Bittorrent link takes users to a download of PCanywhere source code for remote login software from Symantec, and the statement, "Symantec has been lying to its customers. We exposed this point thus spreading the world that ppl need" - #AntiSec #Anonymous. Spread and share!"
The Pastebin post is a set of emails apparently sent between hacker Yamatough and Symantec, in which the latter apparently was ready to pay $50,000 to retrieve its data.
This was also suggested by long term Anonymous mouthpiece Anonymousabu, who said, "Update regarding Symantec: Stay tuned for the f*cking lulz. Let's just say Symantec tried to give us 50,000 reasons not to release sources!" before the release went live.
Update regarding Symantec: Stay tuned for the f*cking lulz. Let's just say Symantec tried to give us 50,000 reasons not to release sources!— The Real Sabu (@anonymouSabu) February 6, 2012
"We are not in contact with the FBI. We are using this email account to protect our network from you. Protecting our company and property are our top priorities," says an email apparently sent from a Symantec representative that explains why the firm initially dropped out of the deal.
"We can't pay you $50,000 at once for the reasons we discussed previously. We can pay you $2,500 per month for the first three months. In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated). Once that's done, we will pay the rest of the $50,000 to your account and you can take it all out at once. That should solve your problem.... Obviously you still have our code so if we don't follow through you still have the upper hand."
Symantec's official line is that no customer data is affected and that it has fixed any vulnerabilities that its code might have.
"Symantec can confirm that a segment of its source code has been accessed. Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006," it says in a statement on a page dedicated to the attack.
"Since 2006, Symantec has instituted a number of policies and procedures to prevent a similar incident from occurring. Furthermore, there are no indications that customer information has been impacted or exposed at this time."
We have asked Symantec to comment on this latest update.
Symantec told us that the emails are genuine but were part of a law enforcement investigation into the attack. It added that the case is ongoing and it would like to stay quiet on the details.
"In January an individual claiming to be part of the ‘Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property," said a spokesperson.
"The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide." µ