Symantec Gets Hacked!
The Symantec Corporation is one of the largest providers of computer security in the world today. Many people know them for their Norton brand of anti-virus software, which quickly became the most used virus protection software in the United States. But virus protection may have just been moved to the bottom of Symantec’s to-do list after explosive allegations were thrown against them. The allegations revolve around a hacker who managed to steal some source code from PC Anywhere and Norton System Works, and Symantec’s attempt to cover it up.
An investigation into the case uncovered a Symantec Corporation employee attempting to pay the hacker $50,000to destroy the stolen source code. The staggering offer was made to a hacker who operates under the name YamaTough, and also included a stipulation in which the hacker would have to make a public statement which said that they were not able to steal any source code.
Symantec has yet to release an official comment to the press. The evidence of the attempted payoff is includes a highly detailed report of a lengthy series of transactions between a Symantec employee and the Indian hacker.
The various exchanges took place between January 17th and February 6th. The hacker was continuously adamant that Symantec wire the huge sum of money through Liberty Reserve, a wire transfer service.
According to the leaked email address, Symantec offer to pay the hacker using an installment plan, offering $1,000 upfront as “a sign of good faith”, and then pay off the remaining $50,000 in $2,500 monthly installments.
The Symantec employee promised the hacker that Symantec was “not in contact with the FBI,” as well as adding that “protecting our company and property are our top priorities”.
“We can’t pay you $50,000 at once for the reasons we discussed previously. We can pay you $2,500 per month for the first three months. In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated). Once that’s done, we will pay the rest of the $50,000 to your account and you can take it all out at once. That should solve your problem. Obviously you still have our code so if we don’t follow through you still have the upper hand.”
The hacker claimed to have stolen the source code from Indian Government agencies to undermine the state. In an interview with InfoSec Island, YamaTough apologized to Symantec and said the theft was collateral damage. Motives appear to have shifted.
SC Magazine contacted the hacker using an unverified email address included in the pastebin file. The respondent, alleging to be YamaTough, said he never intended to take the money and did it only to humiliate the company.
“No, no money was wired. Our goal was to play with them and see how they behave so to get the nature of their sick attitude to customers. We tricked them into a deal so to make it public later. We don’t need their money. We are a huge force and have supporters and we make a decent living. We don’t need their dirty money. Emails uploaded to humiliate them tricky and selfish pigs.”