Symantec: we didn't "bribe" hackers, police did

7 Feb 2012
hacking

Security firm says $50,000 offer was trap from law enforcement officials

Symantec has said it didn't offer $50,000 to hackers holding source code to some of its products, saying the payment negotiations were conducted by law enforcement officials.

The security firm said last month that [a href="/news/security/372454/symantec-tells-customers-to-disable-pcanywhere" title="Symantec tells customers to disable pcAnywhere"]

source code stolen in 2006 for its pcAnywhere[/a] remote access software was leaked online, warning users it could be a potential security risk.

Last night, hackers thought to be associated with Anonymous claimed the firm had offered it a "bribe" a week before it released the pcAnywhere code in January. "You won't believe it but Symantec offered us money to keep quiet," said YamaTough, thought to be one of the hackers, via Twitter.

The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation

A series of emails posted online shows negotiations between a hacker and a man claiming to be a Symantec employee, with a sum of $50,000 discussed to keep the source code from being leaked.

The emails suggested that as part of the deal the hackers would make a "public statement" saying they "lied about the hack".

However, Symantec called the potential payment "extortion", and added the email exchange was actually organised by law enforcement officials, posing as an employee as part of the investigation.

"The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation," company spokesman Cris Paden told Reuters, adding that no money was paid.

Symantec wouldn't say which law enforcement agency it was working with, adding the security firm had confirmed the hacker, YamaTough, did indeed have the 2006 source code.

YamaTough and other hackers claimed over Twitter they had no intention of taking the money, and said they tried to get Symantec to donate to charity instead. "We tricked them into offering us a bribe so we could humiliate them," YamaTough told Reuters.

Symantec has since offered a free upgrade to pcAnywhere to ensure it's safe to use, but the hackers claim to have access to code from other products including its Norton antivirus.

Read more

News