Hacker Demands Money from Symantec in Exchange for Code

As it turns out, the incident as a result of which hackers managed to obtain the source code of some Symantec products is far from being over, the security solutions provider even requesting aid from a law enforcement agency after the attacker tried to blackmail the company into giving him $50,000 (35,000 EUR) in exchange for the code.

SecurityWeek reports that a law enforcement agent set up a special email account which he utilized to communicate with the hacker, YamaTough, pretending to be a Symantec employee.

Judging by the emails provided by SecurityWeek, the hacker, allegedly part of Anonymous, threatened the company multiple times, saying that if they don’t pay him, he is going to auction the source code.

After numerous emails, at one point, the agent, dubbed Sam Thomas, tells YamaTough that they’re setting up a standalone computer for an FTP transfer, fact which raises suspicion from the hacker.

“If you are trying to trace with the ftp trick it's just worthless. If we detect any malevolent tracing action we cancel the deal. Is that clear? You've got the doc files and pathes to the files. What's the problem?” the hacker writes.

Chris Paden, senior manager, Corporate Communications at Symantec revealed that only the first emails were between them and YamaTough, the rest being handled by law enforcement representatives.

They managed to convince the hacker that they can send him $2,500 (1,700 EUR) per month for the first three months and only then, in exchange for a public statement in which the hacker admits on behalf of his group that it was all a lie, he would receive the rest.

“The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide,” Padden said.


No comments:

Post a Comment

Note: Only a member of this blog may post a comment.