Welcome to WebmasterWorld Guest from 54.162.60.75

Forum Moderators: incrediBILL & lawman

Message Too Old, No Replies

Symantec Being Blackmailed

hacking leads to extortion attempt

     
6:22 pm on Feb 7, 2012 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator lawman is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 28, 2001
posts:3589
votes: 57


"A person identifying him or herself as Yamatough contacted Symantec in January and claimed to be in possession of the companyís proprietary source code for its Norton Antivirus and PCAnywhere software. The hacker provided code samples to prove possession of the code in question, and then demanded a payment of $50,000 to prevent the release of Symantecís code....a 1.2GB file titled "Symantecís pcAnywhere Leaked Source CodeĒ was posted to the Pirate Bay Monday evening. Symantec has not yet confirmed whether or not the code within the file is authentic." [foxnews.com...]
7:42 pm on Feb 7, 2012 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2648
votes: 85


1) Never give in to extortion. Symantec are quite right there
2) How crap is your code if a leak is such an issue?
3) How long until the "authorised OS only" keys MS is having in all WIndows 8 PC BIOSes gets leaked.
8:41 pm on Feb 7, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Jan 30, 2006
posts:1696
votes: 15


silly to even try extortion, that money will have the biggest bullseye on it.
2:43 am on Feb 8, 2012 (gmt 0)

Full Member

5+ Year Member

joined:Oct 9, 2007
posts:295
votes: 0


What do Symantec lose if the blackmailer goes thru with his threats?

- Piracy already an obvious problem, pirates/freeloaders prefer "retail" distributions with installers etc, i.e. nobody will bother to compile the code for the sake of free software.
- Competitors would be nuts to copy any of the code, for obvious copyright infringement liabilities.
- Similarly any software patents stand alone and being able to see how something is coded is of little use in getting around them.

Maybe a bit of embarrassment if their code is of poor quality and vulnerable to geek/industry ridicule.
2:48 am on Feb 8, 2012 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:7621
votes: 517


Any revelation of how the app works opens tremendous opportunity for virus writers, though I do agree that one does not give in to extortion/blackmail.
3:11 am on Feb 8, 2012 (gmt 0)

Moderator

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 25, 2002
posts:8489
votes: 224


Hypothesis: hackers knew they weren't getting any money, but knew that by asking for it they would get a HUGE news story.

Most people writing viruses are not trying to make money, it's simple vandalism and ego gratification.

Symantec made, I think, an error by commenting on the case and cooperating with the media.
3:53 am on Feb 8, 2012 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:7621
votes: 517


Or the "leaked code" was a plant by Symantec to throw the virus writers off the track.

</tinfoil off>
8:02 am on Feb 8, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 22, 2003
posts:1230
votes: 0


Seal Team 6 won't be bringing this one back for ID so this fellows friends should desert him pronto.
11:37 am on Feb 8, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Oct 30, 2005
posts:120
votes: 2


tangor,

You don't really write 1.2GB of consistent source code to throw someone off the track. That's sort of inefficient.
11:45 am on Feb 8, 2012 (gmt 0)

Full Member

10+ Year Member

joined:June 29, 2005
posts:216
votes: 0


That's sort of inefficient.

Or really, really committed.
1:22 pm on Feb 8, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:May 6, 2008
posts:2011
votes: 0


The hackers didn't ask for 50k, Symantec offered that in hopes that they could follow the money trail. The hackers said no, because 50k is not worth the chance of getting caught, and released the code. Symantec has failed at every step of this story.
1:49 pm on Feb 8, 2012 (gmt 0)

Full Member

10+ Year Member

joined:June 29, 2005
posts:216
votes: 0


A little bit off-topic, and probably fairly naive, but how is The Pirate Bay still up and running?

Wasn't MegaUpload shut down because of its dubious content...how can Pirate Bay still be up if it hosts a high-profile piece of stolen work like this Symantec code?

I'm not arguing either way, I'm just a little bit confused - I feel like I'm missing something somewhere!
2:10 pm on Feb 8, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:May 6, 2008
posts:2011
votes: 0


MegaUpload had servers in Virginia, therefore they were subject to American laws. Admins were able to be arrested in New Zealand because they have an agreement with America to extradite felons.
2:37 pm on Feb 8, 2012 (gmt 0)

Full Member

10+ Year Member

joined:June 29, 2005
posts:216
votes: 0


subject to American laws

Gotcha - I assume Pirate Bay isn't in the US then. Thanks for explaining!
2:38 pm on Feb 8, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Jan 30, 2006
posts:1696
votes: 15


there is also this other tricky bit that PB servers don't actually host ANY stolen content.

where as megaupload actually hosted the stuff right their on their servers.
3:32 pm on Feb 8, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:May 6, 2008
posts:2011
votes: 0


there is also this other tricky bit that PB servers don't actually host ANY stolen content.

where as megaupload actually hosted the stuff right their on their servers.


True. America has taken down middleman software before (Napster) but it's harder to do legally. MegaUpload made it easy to shut them down.
5:35 pm on Feb 8, 2012 (gmt 0)

Moderator

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 25, 2002
posts:8489
votes: 224


The hackers didn't ask for 50k, Symantec offered that in hopes that they could follow the money trail.


That is positively idiotic. I didn't realize that Symantec had any employees that stupid, let alone one with access to $50,000 in petty cash.
9:25 pm on Feb 8, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Jan 30, 2006
posts:1696
votes: 15



True. America has taken down middleman software before (Napster)


well with napster and the other types of those programs it was P2P ... and you traded files 1 to 1 with another person. So whoever sent whoever that file just gave someone an illegal copy.

torrents spread everything out all over the place... so each person only shares a few useless bits of data with other people, its not illegal to send people small bits of useless data.. its how all that is re-assembled on the other side.
11:49 pm on Feb 8, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 20, 2002
posts: 812
votes: 1


torrents spread everything out all over the place... so each person only shares a few useless bits of data with other people, its not illegal to send people small bits of useless data.. its how all that is re-assembled on the other side.


I'm pretty sure it IS illegal if those small bits of data comprise part of a program that is/was acquired/distributed illegal.

Napster may have been 1-to-1 but that's pretty much the same as multiple-to-1 if the end result is the person illegally obtaining something.
12:31 pm on Feb 9, 2012 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2648
votes: 85


@J_RAD, torrenting does breach copyright. One thing I did find interesting is that Priate Bay indexes legal torrents as well (I wonder if that affects legality?).

On the other hand it makes it less practical to track people down reliably.
9:59 pm on Feb 13, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 26, 2002
posts:813
votes: 1


The hackers didn't ask for 50k, Symantec offered that in hopes that they could follow the money trail. The hackers said no, because 50k is not worth the chance of getting caught, and released the code. Symantec has failed at every step of this story.


Agree that this makes sense.
Figured this was the case since 50k is way to little as ROI.

Still, any source for this claim?