homepage Welcome to WebmasterWorld Guest from 54.161.191.154
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

    
Symantec Being Blackmailed
hacking leads to extortion attempt
lawman

WebmasterWorld Administrator lawman us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4415137 posted 6:22 pm on Feb 7, 2012 (gmt 0)

"A person identifying him or herself as Yamatough contacted Symantec in January and claimed to be in possession of the companyís proprietary source code for its Norton Antivirus and PCAnywhere software. The hacker provided code samples to prove possession of the code in question, and then demanded a payment of $50,000 to prevent the release of Symantecís code....a 1.2GB file titled "Symantecís pcAnywhere Leaked Source CodeĒ was posted to the Pirate Bay Monday evening. Symantec has not yet confirmed whether or not the code within the file is authentic." [foxnews.com...]

 

graeme_p

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4415137 posted 7:42 pm on Feb 7, 2012 (gmt 0)

1) Never give in to extortion. Symantec are quite right there
2) How crap is your code if a leak is such an issue?
3) How long until the "authorised OS only" keys MS is having in all WIndows 8 PC BIOSes gets leaked.

J_RaD

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4415137 posted 8:41 pm on Feb 7, 2012 (gmt 0)

silly to even try extortion, that money will have the biggest bullseye on it.

badbadmonkey

5+ Year Member



 
Msg#: 4415137 posted 2:43 am on Feb 8, 2012 (gmt 0)

What do Symantec lose if the blackmailer goes thru with his threats?

- Piracy already an obvious problem, pirates/freeloaders prefer "retail" distributions with installers etc, i.e. nobody will bother to compile the code for the sake of free software.
- Competitors would be nuts to copy any of the code, for obvious copyright infringement liabilities.
- Similarly any software patents stand alone and being able to see how something is coded is of little use in getting around them.

Maybe a bit of embarrassment if their code is of poor quality and vulnerable to geek/industry ridicule.

tangor

WebmasterWorld Senior Member tangor us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4415137 posted 2:48 am on Feb 8, 2012 (gmt 0)

Any revelation of how the app works opens tremendous opportunity for virus writers, though I do agree that one does not give in to extortion/blackmail.

ergophobe

WebmasterWorld Administrator ergophobe us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4415137 posted 3:11 am on Feb 8, 2012 (gmt 0)

Hypothesis: hackers knew they weren't getting any money, but knew that by asking for it they would get a HUGE news story.

Most people writing viruses are not trying to make money, it's simple vandalism and ego gratification.

Symantec made, I think, an error by commenting on the case and cooperating with the media.

tangor

WebmasterWorld Senior Member tangor us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4415137 posted 3:53 am on Feb 8, 2012 (gmt 0)

Or the "leaked code" was a plant by Symantec to throw the virus writers off the track.

</tinfoil off>

outland88

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4415137 posted 8:02 am on Feb 8, 2012 (gmt 0)

Seal Team 6 won't be bringing this one back for ID so this fellows friends should desert him pronto.

Vamm

5+ Year Member



 
Msg#: 4415137 posted 11:37 am on Feb 8, 2012 (gmt 0)

tangor,

You don't really write 1.2GB of consistent source code to throw someone off the track. That's sort of inefficient.

bhonda

5+ Year Member



 
Msg#: 4415137 posted 11:45 am on Feb 8, 2012 (gmt 0)

That's sort of inefficient.

Or really, really committed.

StoutFiles

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4415137 posted 1:22 pm on Feb 8, 2012 (gmt 0)

The hackers didn't ask for 50k, Symantec offered that in hopes that they could follow the money trail. The hackers said no, because 50k is not worth the chance of getting caught, and released the code. Symantec has failed at every step of this story.

bhonda

5+ Year Member



 
Msg#: 4415137 posted 1:49 pm on Feb 8, 2012 (gmt 0)

A little bit off-topic, and probably fairly naive, but how is The Pirate Bay still up and running?

Wasn't MegaUpload shut down because of its dubious content...how can Pirate Bay still be up if it hosts a high-profile piece of stolen work like this Symantec code?

I'm not arguing either way, I'm just a little bit confused - I feel like I'm missing something somewhere!

StoutFiles

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4415137 posted 2:10 pm on Feb 8, 2012 (gmt 0)

MegaUpload had servers in Virginia, therefore they were subject to American laws. Admins were able to be arrested in New Zealand because they have an agreement with America to extradite felons.

bhonda

5+ Year Member



 
Msg#: 4415137 posted 2:37 pm on Feb 8, 2012 (gmt 0)

subject to American laws

Gotcha - I assume Pirate Bay isn't in the US then. Thanks for explaining!

J_RaD

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4415137 posted 2:38 pm on Feb 8, 2012 (gmt 0)

there is also this other tricky bit that PB servers don't actually host ANY stolen content.

where as megaupload actually hosted the stuff right their on their servers.

StoutFiles

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4415137 posted 3:32 pm on Feb 8, 2012 (gmt 0)

there is also this other tricky bit that PB servers don't actually host ANY stolen content.

where as megaupload actually hosted the stuff right their on their servers.


True. America has taken down middleman software before (Napster) but it's harder to do legally. MegaUpload made it easy to shut them down.

ergophobe

WebmasterWorld Administrator ergophobe us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4415137 posted 5:35 pm on Feb 8, 2012 (gmt 0)

The hackers didn't ask for 50k, Symantec offered that in hopes that they could follow the money trail.


That is positively idiotic. I didn't realize that Symantec had any employees that stupid, let alone one with access to $50,000 in petty cash.

J_RaD

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4415137 posted 9:25 pm on Feb 8, 2012 (gmt 0)


True. America has taken down middleman software before (Napster)


well with napster and the other types of those programs it was P2P ... and you traded files 1 to 1 with another person. So whoever sent whoever that file just gave someone an illegal copy.

torrents spread everything out all over the place... so each person only shares a few useless bits of data with other people, its not illegal to send people small bits of useless data.. its how all that is re-assembled on the other side.

Chico_Loco

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4415137 posted 11:49 pm on Feb 8, 2012 (gmt 0)

torrents spread everything out all over the place... so each person only shares a few useless bits of data with other people, its not illegal to send people small bits of useless data.. its how all that is re-assembled on the other side.


I'm pretty sure it IS illegal if those small bits of data comprise part of a program that is/was acquired/distributed illegal.

Napster may have been 1-to-1 but that's pretty much the same as multiple-to-1 if the end result is the person illegally obtaining something.

graeme_p

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4415137 posted 12:31 pm on Feb 9, 2012 (gmt 0)

@J_RAD, torrenting does breach copyright. One thing I did find interesting is that Priate Bay indexes legal torrents as well (I wonder if that affects legality?).

On the other hand it makes it less practical to track people down reliably.

JohnRoy

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4415137 posted 9:59 pm on Feb 13, 2012 (gmt 0)

The hackers didn't ask for 50k, Symantec offered that in hopes that they could follow the money trail. The hackers said no, because 50k is not worth the chance of getting caught, and released the code. Symantec has failed at every step of this story.


Agree that this makes sense.
Figured this was the case since 50k is way to little as ROI.

Still, any source for this claim?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved