HOME     MENU     SEARCH     NEWSLETTER    
TECHNOLOGY, DISCOVERY & INNOVATION. UPDATED 10 MINUTES AGO.
You are here: Home / Computing / Symantec $50,000 Hacker Sting Fails
BMC IT solutions:
IT products & services for the ultimate competitive business advantage.
BMC.com
Symantec $50,000 Sting Fails To Turn Out Hackers
Symantec $50,000 Sting Fails To Turn Out Hackers
By Jennifer LeClaire / Sci-Tech Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
FEBRUARY
07
2012
Call it an attempted sting. A group of hackers claimed to possess source code for Symantec's pcAnywhere and Norton Antivirus software -- and wanted $50,000 in exchange for not leaking the code.

What the hackers didn't know was that it wasn't Symantec they were negotiating with in the e-mail exchange. Law enforcement officials acting as a Symantec employee were on the other side of the virtual communication.

The drama began in early January. That's when Symantec revealed that a segment of its source code for Norton products was stolen in a security breach. An Indian hacking group called Lords of Dharmaraja claimed it got its hands on source code used in the Norton anti-virus program. The group later claimed affiliation with the "hacktivist" group Anonymous.

Reactive Security

The lengthy e-mail exchange began Jan. 18, but in the end apparently no money changed hands and no arrests were made.

Reuters obtained some of the e-mails from the hacker group. One, from a fake Symantec employee "Sam Thomas," read: "We can't pay you $50,000 at once for the reasons we discussed previously. In exchange, you will make a public statement on behalf of your group that you lied about the hack."

But the hackers turned the tables on Symantec. YamaTough, a hacker affiliated with Lords of Dharmaraja, told Reuters, "We tricked them into offering us a bribe so we could humiliate them."

Lords of Dharmaraja already embarrassed Symantec in late January. The theft led Symantec to advise customers using pcAnywhere to disable the software. Symantec disclosed that the source-code theft appeared to be the result of a security breach that occurred in 2006. In order to avoid man-in-the-middle attacks, Symantec suggested clients stop using the software until a patch was ready.

Charles King, principal analyst at Pund-IT, called the Symantec drama an "ugly little story on every level." He said he expected to see more stories like this as hackers become increasingly sophisticated. As he sees it, even security companies are being forced to behave in a reactive rather than proactive manner.

Remembering RSA

Case in point: RSA. RSA's SecureID tokens were hacked last March. Hackers attacked RSA servers and walked off with data they could use to compromise the security of two-factor authentication tokens that 40 million people used to access secure government and corporate networks.

Then it got worse. On June 2, RSA confirmed that data stolen from the company in March was used in an attempted attack on Lockheed Martin, a major U.S. government defense contractor. Lockheed reportedly thwarted the attack.

King said such attacks on security firms brought to mind Willie Sutton, a prolific U.S. bank robber who robbed about 100 banks from the late 1920s until his final capture in 1952. Once, when he was caught, someone asked him why he robbed banks. "That's where the money is," he replied.

"If you are a hacker and you want the crown jewels -- if security is an issue you are trying to dance around -- you hack the security company, because that's where the information is," King said.

Read more on: Symantec, Security, Hacker, Anonymous
Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.
MORE IN COMPUTING
Product Information and Resources for Technology You Can Use To Boost Your Business
© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.