Sina Technology News, February 8th morning Beijing Time - A hacker named YamaTough published the source code of Symantec's pcAnywhere remote control software on Tuesday, sparking concerns that other hackers might use it to find vulnerabilities in the product and take control of user computers.
Symantec confirmed that this 1.3GB source code file has appeared on several file-sharing websites including The Pirate Bay. There was also a noticeable increase in the download activity of the BitTorrent files. The hacker group Anonymous has claimed responsibility for the incident.
YamaTough is a member of a hacking group called Lords of Dharmaraja and has ties with the well-known hacker group Anonymous. He had negotiated with Symantec via email and demanded a ransom of $50,000, but the negotiation eventually broke down. However, after the extortion email was disclosed on Monday, YamaTough claimed that despite being led astray by law enforcement posing as Symantec officials, he always intended to release the source code.
This negotiation may have bought Symantec some time to patch the vulnerabilities in pcAnywhere. This software allows users to remotely control their desktop computers. A spokesperson for the company, Cris Paden, said: "Symantec is prepared for the release of the code and has developed and released a series of patches since January 23rd to protect users from known vulnerabilities."
Symantec unusually asked users to disable the software until the patches were issued. On January 23rd, Symantec released a patch for pcAnywhere 12.5, followed by patches for versions 12.0 and 12.1 on January 27th. Paden stated that Symantec has been in contact with users and hasn't lost any customers. He indicated that if users install the latest patches, there will be no increased risk.
Symantec anticipates that the hacker will release the source code of other products, including the enterprise version of Norton Antivirus 2006 and Norton Internet Security. But Paden said: "As we've mentioned before, these are old codes, and Symantec and Norton users won't face more risks due to the leakage of the code."
After the $50,000 extortion email was made public, some mocked the world's largest independent security software company for trying to buy its way out of the situation. However, Symantec stated that this was communication conducted by law enforcement impersonating Symantec employees with the hackers. Paden said: "This is part of the investigation by law enforcement." Symantec did not pay any money.
Paden refused to disclose the name of the agency responsible for investigating the matter but said that the company would cooperate with the investigation.
The hacker claimed in the email to be located in Mumbai, India. Communicating with suspects via email is a common tactic used by law enforcement to understand the suspect and gain more time for arrest. However, YamaTough said that he never intended to take the money. He said: "I lured them into giving me a ransom to humiliate them." (Shuyu)
Related reports:
- Symantec hacked: security of tens of millions of users' information questioned
- Hacker steals Symantec software source code, demands $50,000 ransom
- Symantec advises users to stop using remote control software pcAnywhere
- Symantec third fiscal quarter net profit at $240 million, up 82% year-over-year