// Home / News / Security

Symantec: we didn't "bribe" hackers, police did

By Nicole Kobie

Posted on 7 Feb 2012 at 10:00

Symantec has said it didn't offer $50,000 to hackers holding source code to some of its products, saying the payment negotiations were conducted by law enforcement officials.

The security firm said last month that

source code stolen in 2006 for its pcAnywhere remote access software was leaked online, warning users it could be a potential security risk.

Last night, hackers thought to be associated with Anonymous claimed the firm had offered it a "bribe" a week before it released the pcAnywhere code in January. "You won't believe it but Symantec offered us money to keep quiet," said YamaTough, thought to be one of the hackers, via Twitter.

The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation

A series of emails posted online shows negotiations between a hacker and a man claiming to be a Symantec employee, with a sum of $50,000 discussed to keep the source code from being leaked.

The emails suggested that as part of the deal the hackers would make a "public statement" saying they "lied about the hack".

However, Symantec called the potential payment "extortion", and added the email exchange was actually organised by law enforcement officials, posing as an employee as part of the investigation.

"The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation," company spokesman Cris Paden told Reuters, adding that no money was paid.

Symantec wouldn't say which law enforcement agency it was working with, adding the security firm had confirmed the hacker, YamaTough, did indeed have the 2006 source code.

YamaTough and other hackers claimed over Twitter they had no intention of taking the money, and said they tried to get Symantec to donate to charity instead. "We tricked them into offering us a bribe so we could humiliate them," YamaTough told Reuters.

Symantec has since offered a free upgrade to pcAnywhere to ensure it's safe to use, but the hackers claim to have access to code from other products including its Norton antivirus.

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here

User comments

No greed here then

I suppose that shows the difference between white hat hackers (they do it to make the world better) and black hat hackers (they do it to make themselves richer). I guess we found out which camp these people are in.

Meanwhile, the (presumably US) govt is still trying to get its head around the idea that for some people the world does not revolve around money...! Not sure what it does revolve around for these hackers, but clearly not money.

Unless Symantec are being inventive of course.

By SwissMac on 7 Feb 2012

Light grey hat

They were asked to lie about the hack not long before the code was released and suggested a charitable donation.

By dubiou on 7 Feb 2012

Ethical?

If these hackers were so ethical, what were they doing putting source code onto the web, if it did not belong to them? I think these hackers are onto some kind of ego trip.

By fogtax on 9 Feb 2012

@SwissMac

Black hats aren't in it for money, they are in it to cause disruption, damage others and power and fame among their peers.

There is a new breed of hackers that are in it for the money, but these guys seem to be traditional black hats.

If they had been white hats, they would have contacted Symantec and helped them protect the Indian Polic servers better.

By big_D on 12 Feb 2012

Leave a comment

You need to Login or Register to comment.