YOU ARE HERE: LAT HomeCollections

Hacker posts Symantec source code after ransom demand fails

February 09, 2012|By David Sarno, Los Angeles Times

A hacker has released stolen source code from Symantec Corp., one of the largest computer security firms, after a phony set of ransom negotiations failed, according to the company.

The source code is part of a Symantec product called pcAnywhere, which enables users to log into and control home or work computers from remote locations. Access to the code could in theory give hackers insight into how to seize computers that use the software.

Symantec said the source code was for 2006 products that had since been updated with newer code. Even so, the company said, it had contacted customers in recent weeks to get them to apply software upgrades that could address known security problems.

The hacker, going by the name Yamatough, appeared to release a tranche of the code onto the controversial file-sharing site Pirate Bay on Tuesday, just as Symantec disclosed that ransom talks with the hacker were conducted by law enforcement personnel posing as a Symantec employee.

On Tuesday, a series of emails apparently between Yamatough and a Symantec employee were posted on the website The emails were a back-and-forth over how to arrange an alleged $50,000 ransom payment in return for the hacker's agreement to return the code without publishing it.

Symantec says the negotiations were a ruse conducted by law enforcement after the company contacted authorities.

"Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property," spokesman Cris Paden said in a statement.

The email subterfuge was "all part of their investigative techniques for these types of incidents," he added, noting that the company could not disclose which law enforcement agency was involved while the investigation was ongoing.

Symantec said the code was stolen in a 2006 hacking and affected four products: Norton Antivirus Corporate Edition, Norton SystemWorks, Norton Internet Security and pcAnywhere.

"Of those four products, only pcAnywhere is still sold," Paden wrote. "All of the others have been phased out and discontinued — or, in the case of Norton Internet Security, it has been completely, totally rebuilt."

The company urged users of its pcAnywhere product to apply the security fixes immediately.

Los Angeles Times Articles