Negotiating with Anonymous: Symantec talks collapse, source code released

Security software company Symantec tried to negotiate this week with the hacker group Anonymous to prevent the release of source code stolen in 2006. But the talks failed, and now Anonymous has published both the code and the email trail detailing negotiations.

|
Arturo Rodriguez/AP/File
People wearing masks often used by a group that calls itself Anonymous take part in a rally in Madrid on May 15. On Tuesday afternoon, the "hacktivist" network Anonymous published the source code to security software vendor Symantec's pcAnywhere program on torrent sites, apparently after negotiations to the tune of $50,000 fell through.

Looks like the hackers win this round.

On Tuesday afternoon, the "hacktivist" network Anonymous published the source code to security software vendor Symantec's pcAnywhere program on torrent sites, apparently after negotiations to the tune of $50,000 fell through. Anonymous posted emails earlier this week detailing the negotiations, which took place between "Yamatough," an online personality representing an Anonymous-affiliated group, and either a Symantec employee or a law enforcement sting operation (it depends on who you ask).

According to the emails, Symantec offered Yamatough $50,000 in exchange for the destruction of the source code and a public statement saying that Symantec hadn't been hacked in the first place. Negotiations broke down when Yamatough demanded the money be sent through Liberty Reserve, an offshore account, and accused Symantec of cooperating with the FBI. Symantec asked for more time to negotiate and asked to send the money in small chunks, but the email exchange broke off after Yamatough gave the company ten minutes to "decide which way you go."

The alleged hack happened way back in 2006, but the issue didn't surface until last month. When Anonymous threatened to release the code in late January, Symantec initially asked users to stop using pcAnywhere, fearing that known vulnerabilities might be exploited. A few days later, it released patches for affected version that plugged the security holes.

At the same time, however, Symantec was apparently negotiating with the hackers to prevent the public release of the code. And now that negotiations have broken down, "pcAnywhere" is out in the wild, accompanied by the logo of the Anonymous subgroup "AntiSec." The group also threatened to publish the source code to several Norton antivirus programs, although that hasn't happened yet.

What's to be done? Well, it doesn't look like users are at much risk. Symantec has already released patches for pcAnywhere to protect against the vulnerabilities in the leaked code, and it says the Norton code is too old to be used for cyber attacks. But the hack certainly leaves Symantec with a public relations mess on its hands. Cris Praden, the company's Senior Manager for Corporate Communications, commented that Symantec contacted law enforcement as soon as the "attempted extortion and apparent theft of intellectual property" came to light.

Readers, are you battening down your security hatches? What do you think the fallout for Symantec will be for this incident? Let us know in the comments.

For more tech news, follow us on Twitter @venturenaut. And don’t forget to sign up for the weekly BizTech newsletter.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Negotiating with Anonymous: Symantec talks collapse, source code released
Read this article in
https://www.csmonitor.com/Technology/Horizons/2012/0208/Negotiating-with-Anonymous-Symantec-talks-collapse-source-code-released
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe