Explosive allegations have surfaced on a public pastebin entry detailing a hacker's attempt to extort funds from Symantec after stealing source code from PC Anywhere and Norton SystemWorks.
The pastebin entry, yet to be verified by Symantec, reveals a Symantec employee offering to pay US$50,000 ($A46,683) to destroy stolen source code.
The offer was made to a hacker operating under the handle YamaTough, and also required the hacker make a public statement denying that he/she stole the data.
Symantec’s US headquarters could not comment on the claims at the time of publication.
The entry includes full email header information detailing a lengthy exchange between alleged Symantec employee "Sam Thomas" and the Indian hacker.
It details an exchange between 17 January and 6 Febuary. The hacker continually demanded that the security giant wire the money through payment processor Liberty Reserve.
According to the leaked email conversation, Symantec offered to wire the hacker $US1000 ($A933) as “a sign of good faith”, and pay the remaining $US50,000 in $US2500 ($A2333) installments.
The Symantec employee promised the hacker the company was “not in contact with the FBI” and added that “protecting our company and property are our top priorities”.
“We can't pay you $50,000 at once for the reasons we discussed previously. We can pay you $2,500 per month for the first three months. In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated). Once that's done, we will pay the rest of the $50,000 to your account and you can take it all out at once. That should solve your problem.
"Obviously you still have our code so if we don't follow through you still have the upper hand. “
The hacker claimed to have stolen the source code from Indian Government agencies to undermine the state. In an interview with InfoSec Island, YamaTough apologised to Symantec and said the theft was collateral damage. Motives appear to have shifted.
SC Magazine contacted the hacker using an unverified email address included in the pastebin file. The respondent, alleging to be YamaTough, said he never intended to take the money and did it only to humiliate the company.
“No, no money was wired. Our goal was to play with them and see how they behave so to get [sic] the nature of their sick attitude to customers. We tricked them into a deal so to make it public later,” the reply said.
“We don’t need their money. We are a huge force and have supporters and we make a decent living. We don’t need their dirty money. Emails uploaded to humiliate them [sic] tricky and selfish pigs.”
The respondent said the email account was the “official” account of the Lords of Dharmaraja (Kings) hacking group, to which YamaTough belongs. The respondent also claimed the header information, pointing to an external Gmail account allegedly used by Symantec and an internal Symantec email address, was genuine.
More to come.
Copyright © SC Magazine, Australia
Issue: 315 | May 2013
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.