Symantec one of the largest security company failed to protect their own source code. As reported before a month ago a hacker managed to breach Symantec security and stole their source code.Even though the source code was stolen back in 2006 the case came to light just the previous month.
The previous month, a group called Lords of Dharmaraja claimed to have broken into military intelligence servers belonging to the Indian government and obtained source code to Symantec products. These products are PcAnywhere, System Works, Internet Security and Norton GoBack with Utilities.
Today the main account associate with the hack @YamaTough claimed that Symantec offered the group 50,000$ in return to keep quiet.
The group released all the mails that the security firm sent to them. You can view the whole conversation here pastebin.com/NEYbC2Zw and pastebin.com/NEYbC2Zw
Protecting our company and property are our top priorities.
We can’t pay you $50,000 at once for the reasons we discussed previously. We can pay you $2,500 per month for the first three months. In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated). Once that’s done, we will pay the rest of the $50,000 to your account and you can take it all out at once. That should solve your problem.
Obviously you still have our code so if we don’t follow through you still have the upper hand.
As you can see the mails are shocking and make us wonder how can this firm still sell security protection. The group said that they will also release the source code by tonight.
Update: PcAnywhere source code has already leaked to the public since last night and it was made available for download via the piratebay.org
Update: “Sam Thomas,” Symantec spokesperson Cris Paden told in aReuters interview late Monday night, was the false name created by law enforcement agents who pretended to pursue the negotiations only to attempt to trace the hackers. The entire conversation had been a ruse.
“Anonymous has been talking to law enforcement, not to us,” Paden says. “No money was exchanged, and there was never going to be any money exchanged. It was all an effort to gather information for the investigation.”
The Lords of Dharamaja have publicly claimed since early January to have access to the source code from a range of Symantec products, and Symantec confirms the hackers leaked the source code of the 2006 version of Norton Internet Security code on January 13. According to Paden, Symantec began to receive emails from the hackers a few days later, in which the group demanded money not to publish the portion of Symantec’s source code it hadn’t yet released.
When they came to us with what was for all intents and purposes extortion, we went to law enforcement,” says Paden. “From that point on, we turned over the investigation to them.” Paden says he can’t comment on which law enforcement agencies are involved, as the investigation is ongoing.
But why was Sam Thomas sam_thomas@symantec.com as an FBI agent care so much to verify the source code? As to whether Sam was a Symantec employer or an FBI agent, the question will remain. The true is that the source code has leaked to public and Symantec security cannot apologize for that.
Update 11:25am GMT:The account associate answer to the Symantec’s claim and the also said they will release NAV in the coming hours
Source: http://cylaw.info/?p=522
Comments
Post a Comment