pcAnywhere Code on the Internet
On the Pirate Bay torrent tracker, a 1.3GB RAR archive has been published which contains the source code of the PC remote control software pcAnywhere. Symantec has already confirmed the authenticity of the code which was stolen in an incident in 2006 when unknown parties gained access to the source of various Symantec products.
The source code of Norton Utilities is already in circulation according to the company. Symantec expects that the source code of Norton AntiVirus (Corporate Edition) and Norton Internet Security will, sooner or later, also be posted online.
Pirate Bay torrent Tracker - Photo of the files
The publication is presumably the work of Yamatough, a hacker who claims to be part of the loose hacktivist collective Anonymous. Excerpts from an email exchange between Yamatough and Symantec employees have also appeared on the internet. The emails concerned a proposed payment of $50,000 to the hacker in order to prevent the publication of the source code.
Both the hacker and the company say their participation was a ruse, with Yamatough always planning to publish and Symantec saying they were being directed by a law enforcement agency. Yamatough told Reuters that “We tricked them into offering us a bribe so we could humiliate them”. Which side actually proposed the deal is currently unclear because the leaked emails do not contain the start of the negotiations.
The alleged Symantec employee, named Sam Thomas, pretended to want to take on the deal and was able to hold out for three weeks. A Symantec spokesman told Forbes that Sam Thomas was a false name used by the investigating authorities who wanted to find out the hacker’s identity.
Symantec used the extra time to patch known security holes and issue security warnings of an increased threat to customers, but it only did the latter after the hacker had published a snippet of the stolen code online. In the meantime, the company has even gone as far as to explicitly discourage the use of pcAnywhere.
- Hackers release Symantec pcAnywhere source code (cbsnews.com)
- Hackers fail to extort $50,000 from Symantec, as pcAnywhere source code is published (nakedsecurity.sophos.com)
- Hackers Publish Symantec’s Source Code After $50,000 Extortion Attempt Fails [Hackers] (gizmodo.com)