Symantec: we didn't "bribe" hackers, police did
By Nicole Kobie
Posted on 7 Feb 2012 at 10:00
Symantec has said it didn't offer $50,000 to hackers holding source code to some of its products, saying the payment negotiations were conducted by law enforcement officials.
source code stolen in 2006 for its pcAnywhere remote access software was leaked online, warning users it could be a potential security risk.
Last night, hackers thought to be associated with Anonymous claimed the firm had offered it a "bribe" a week before it released the pcAnywhere code in January. "You won't believe it but Symantec offered us money to keep quiet," said YamaTough, thought to be one of the hackers, via Twitter.
The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation
A series of emails posted online shows negotiations between a hacker and a man claiming to be a Symantec employee, with a sum of $50,000 discussed to keep the source code from being leaked.
The emails suggested that as part of the deal the hackers would make a "public statement" saying they "lied about the hack".
However, Symantec called the potential payment "extortion", and added the email exchange was actually organised by law enforcement officials, posing as an employee as part of the investigation.
"The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation," company spokesman Cris Paden told Reuters, adding that no money was paid.
Symantec wouldn't say which law enforcement agency it was working with, adding the security firm had confirmed the hacker, YamaTough, did indeed have the 2006 source code.
YamaTough and other hackers claimed over Twitter they had no intention of taking the money, and said they tried to get Symantec to donate to charity instead. "We tricked them into offering us a bribe so we could humiliate them," YamaTough told Reuters.
Symantec has since offered a free upgrade to pcAnywhere to ensure it's safe to use, but the hackers claim to have access to code from other products including its Norton antivirus.
No greed here then
I suppose that shows the difference between white hat hackers (they do it to make the world better) and black hat hackers (they do it to make themselves richer). I guess we found out which camp these people are in.
Meanwhile, the (presumably US) govt is still trying to get its head around the idea that for some people the world does not revolve around money...! Not sure what it does revolve around for these hackers, but clearly not money.
Unless Symantec are being inventive of course.
By SwissMac on 7 Feb 2012
Light grey hat
They were asked to lie about the hack not long before the code was released and suggested a charitable donation.
By dubiou on 7 Feb 2012
If these hackers were so ethical, what were they doing putting source code onto the web, if it did not belong to them? I think these hackers are onto some kind of ego trip.
By fogtax on 9 Feb 2012
Black hats aren't in it for money, they are in it to cause disruption, damage others and power and fame among their peers.
There is a new breed of hackers that are in it for the money, but these guys seem to be traditional black hats.
If they had been white hats, they would have contacted Symantec and helped them protect the Indian Polic servers better.
By big_D on 12 Feb 2012
- How to check your identity hasn’t been sold to the hackers
- Tim Cook: this is how much TV has changed since the 70s
- Westminster wins the .London battle
- 20 years of PC Pro: from deep pan pizza to virtualisation
- Five reasons why the Apple Watch leaves me cold
- Apple Watch, iPhone 6 and 6 Plus: Tim Cook's Apple back with a bang?
- BT Home Hub 5: how to get maximum speed
- 20 years of PC Pro: one-star reviews (including "the worst tablet we've ever seen")
- 20 years of PC Pro: our best covers
- Why we've closed the PC Pro forums
- How to write your company's IT security policy
- The key to choosing a secure password
- Please stop reposting fake Facebook messages
- Is Facebook safe for business?
- Don't rely on Chrome's password vault
- Facebook Graph Search: don't panic
- Gmail drafts and Pastebin: could they evade the email snoops?
- Applying for a job at GCHQ? Here's your plain-text password
- Google two-step verification: a must for business email
- Yes, I write down my passwords