Holding Source Code, Hackers Try To Extort $50K From Symantec

Feb 7, 2012

A case of what appears to be a high-tech extorsion came to an abrupt end last night, when hackers, which call themselves Lords of Dharmaraja, made good on their promise to release the source code of Symantec's PCAnywhere software, which allows a user to access their computers remotely.

Forbes, which first reported the story, says the hackers were related to the group Anonymous and after tense negotiations in which law enforcement posed as Symantec executives, "the hostage is dead."

The New York Times reports that the source code appeared on The Pirate Bay, a file sharing site, and by Tuesday it had been shared hundreds of times.

The paper adds:

"Symantec has been preparing for the likelihood that hackers would eventually release its source code, [Cris Paden, a Symantec spokesman] said, noting that the company had developed a series of patches for its PCAnywhere product and distributed them to users on Jan. 23. He added that Symantec expects the hackers to post the remainder of the source code in their possession, including code for its Norton Antivirus Corporate Edition and Norton SystemWorks products, both of which he said 'no longer exist.'"

There are lots of questions about this story: It seems clear that the source code was stolen in 2006. That much Symantec told Wired, last month. But how it was stolen is unclear. The hackers, according to the Times, claim they stole it from "India's military and intelligence servers last January."

Paden also told The New York Times that Symantec talked to the police because the hackers asked for money first. But the hackers said Symantec came to them with an offer to keep quiet for money.

The hackers posted the string of emails in which the negotiations took place. There were threats about releasing the source code and pleas from Sam Thomas, who ended up being a law enforcement agent, for more time. $50,000 was the agreed-upon price but Symantec offered to pay in installments to make sure the hackers would delete the source code.

At one point the hackers asked for money to be transfered to an off-shore account and Symantec said they could not do that. At another point, the hackers complained that Symantec was simply trying to trick them into a traceable transaction.

"If we detect any malevolent tracing action we cancel the deal," one message read. "Is that clear?"

The last message before the source code was released read:

"Since no code yet being released and our email communication wasnt also released we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton

"Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START this time we've made mirrors so it will be hard for you to get rid of it"

The source code could allow hackers to study Symantec's program and find vulnerabilities. But Symantec says it has patched the system.

Copyright 2012 National Public Radio. To see more, visit http://www.npr.org/.