It seems like only yesterday that anti-virus and internet security companies were warning about the rise of hacktivism and more companies being targeted by cybercriminals.

 

This prediction has come ironically true with news that hackers had stolen the source code for Symantec’s pcAnywhere software. According to Wired, the thieves wanted $50 000 (R400 000), to refrain from releasing the company’s source code online, but uploaded it to The Pirate Bay after negotiations via email faltered.

 

The first intriguing part of the story is that the email exchange with a hacker calling himself YamaTough, acting for an Indian hacker group called the Lords of Dharmaraja, was apparently a sting operation, in which a law enforcement official posed as a Symantec employee.

 

 

The negotiations (the full text of which can be found here) read like something out of a bad spy movie. The exchange includes the Symantec ‘employee’ asking for proof that the hackers have their code, and assurances that they would not release it if they were paid off, while both parties negotiate how payment would be made.

 

At one point, YamaTough switches from threatening the company – “we have many people who are willing to get your code,” he asserts, to proclaiming that “if we were really bad guys we would have already released or sold your code."

 

At another point the Symantec ‘employee’ asks what assurances they have that once they pay, the code will be destroyed instead of more money being demanded. "None of course," is the response. When it became clear that the two could not agree on terms of payment, the email exchange ended and the source code was apparently uploaded.

 

 

According to Wired though, Symantec stated that the source code in question was apparently from 2006 and “no longer posed a threat to its customers.” However, the company at first asked users to disable pcAnywhere and subsequently offered free upgrades and reassured that it was secure for use.

According to Reuters, the hacker asserted that the extortion bid was a ruse to trick Symantec into offering a bribe, in order to humiliate the company.

To the point

Perhaps the greatest irony though, besides from the fact that apparently not even an internet security company is safe from hacktivism or being targeted by hackers, is that it also demonstrates how genuine a threat having one’s information compromised really is.

This is a point on which every security company agrees and constantly reminds us – and hacking instances only enforces the viability of the products they want to sell, in the first place.