Symantec has confirmed that hackers sought $50,000 from the company in return for the stolen blueprints to its flagship products. As part of a sting operation, Symantec told a hacker group that it would pay the money to keep the source code private.
An e-mail exchange revealing the extortion attempt shows a purported Symantec employee named Sam Thomas negotiating payment with an individual named “Yamatough” to prevent the release of PCAnywhere and Norton Antivirus code. Yamatough is the Twitter identity of an individual or group that had previously threatened to release the source code for Norton Antivirus.
Yamatough is part of a group called Lords of Dharmaraja, which is affiliated with Anonymous. He is said to have been in possession of source code for its products, obtained in a 2006 breach of the company’s networks.
“We will pay you $50,000.00 USD total,” Sam Thomas said in an e-mail. “However, we need assurances that you are not going to release the code after payment. We will pay you $2,500 a month for the first three months. Payments start next week. After the first three months you have to convince us you have destroyed the code before we pay the balance. We are trusting you to keep your end of the bargain.”
However, company spokesman Cris Paden has said that no money was actually paid to the hackers. He said, “The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation,”
Paden declined to name the law enforcement agency, saying it may compromise the investigation. An email exchange released by the hacker, who is known as YamaTough and claims to be based in Mumbai, India, shows drawn-out negotiations with a purported Symantec employee starting on January 18.