Hacker YamaTough has published Symantec’s pcAnywhere’s source code. This program is used by users and companies to access personal computers remotely. The publication follows a $US50,000 extortion attempt that was made public last night.
After entering Symantec’s network and grabbing pcAnywhere and Norton Antivirus source code, hacker YamaTough told the company that their software contained backdoors that allow governments to spy on individuals and companies. According to the email exchange, he also said that he was going to publish these facts and the source code unless Symantec paid him $US50,000.
Following that threat, Symantec contacted the FBI. Their agents then posed as Symantec employees, trying to gather proof of the extortion. The email exchange showing the conversation between YamaTough — who claims to be associated with Anonymous and AntiSec — and the FBI was published last night. This was YamaTough last message:
Since no code yet being released and our email communication wasn’t also released we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START this time we’ve made mirrors so it will be hard for you to get rid of it.
He has completed the first part of this threat, publishing the 1.27GB of source code from pcAnywhere on Pirate Bay.
I like when any hacker publishes hidden truths and denounces backdoors that everyone should know about. Asking for money not to tell this information, however, is not only hypocritical and criminal, but not cool at all. This is not fighting for anyone’s rights. This is just trying to get money easily. [Pirate Bay via Computer World]
wsDK_II
Wednesday, February 8, 2012 at 7:49 AMactually, the asking of money was going to be used to prove that the company knew of the backdoor and was going to do anything to cover it up. The plan was to release everything anyway, with the added bit that this company was ready to go dirty as well.
the $50,000 was going to go to charity.
Giz, i am dissapointed that you were so shallow in your reading of this work. Anon and Lulz are FOR THE PEOPLE.
and we never work alone.
The people deserve to know the truth.
TvZ
Wednesday, February 8, 2012 at 9:32 AMI didn’t think they were for me when I couldn’t play on PSN…
Mr Kips
Wednesday, February 8, 2012 at 9:39 AMBut you were all for a company with zero security of their customers data? It was a harsh but necessary evil.
SilentWolf
Wednesday, February 8, 2012 at 12:14 PMThrere are many different ways to tackle a security problem, the “hackers” made the most rash descision, rather than asking the Sony if they could help find security flaws.
Adam
Wednesday, February 8, 2012 at 8:08 AMYay all these hacking groups support the 99% – except the 99% who use Norton and are now going to be completely exposed…
Kai Howells
Wednesday, February 8, 2012 at 8:23 AMAdam – the 99% who use Norton products were already exposed. That’s the point of releasing teh codes.
wsDK_II
Wednesday, February 8, 2012 at 8:50 AMExactly.
and besides, the 99% should not be using an anti-virus anyway, i have not used one in 3 years and have not needed it (sometimes i install kaspersky to check, but it always comes up clean! :D)
if you are going to use an anti virus, kaspersky or Microsoft Security Essentials would be the go.
Andrew
Wednesday, February 8, 2012 at 9:18 AMSo your basing your opinion of an anti-virus program on the fact it didn’t't find any viruses.
lol, why don’t you just use facebook as your antivirus client then :P
Jazz
Wednesday, February 8, 2012 at 9:59 AMI think the point that he was (poorly) trying to make was that the threat of Viruses is often more for the benefit of the companies that make virus scanners, of which Symantec are the largest, than it is for the people that actually write viruses. Viruses were rampant in the late 80s early 90s, but these days….? These days they are more email trojans then actual ‘viruses’ and with a little education, people can protect themselves for free, and don’t need to pay $$$ for a ‘subscription’.
Seriously, the day Symantec went for a subscription model my first thought was ‘mob protection payment’.
wsDK_II
Wednesday, February 8, 2012 at 10:19 AMI was saying that Norton is bloated, $$ crap that consumers buy because they have no idea about anything to do with computers. There are better options out there.
James Ray Cox
Wednesday, February 8, 2012 at 10:04 AM+1 to Microsoft Security Essentials
vin
Wednesday, February 8, 2012 at 11:09 AMThere is, of-course, the conspiracy theory that AntiVirus companies make up the majority of virus’s out there…
imagine if people were to use this, now obsolete, code to bandage up the loop holes normally exposed.
i’ll admit, this could really be tragic and harmful…
but it could also be positive down the track…
i say this asss a commercial symantec user who is currently sh!tting myself, but still trying to be hopeful! :)
Dan
Wednesday, February 8, 2012 at 8:39 PM+2 for MS Security Essentials
Geoff
Wednesday, February 8, 2012 at 8:51 AMAnonymous is a movement rather than a single entity – it will be impossible to stop it altogether.. so the only fight the government will have is to discredit it via impersonating Anon and doing something ‘not cool’. It’ll happen. Weeks, not months away I think.
Jack
Wednesday, February 8, 2012 at 9:37 AMGood on ‘em!
Josh
Wednesday, February 8, 2012 at 9:55 AMUnfortunately this is extortion, it does not matter where the money was going. The point could have been made by releasing the code without asking for the cash.
Frogstar
Wednesday, February 8, 2012 at 9:55 AMAccording to the BBC, it takes about 8 seconds for a completely unprotected PC to get a virus, and 5 minutes before it is rendered totally unusable.
http://news.bbc.co.uk/2/hi/programmes/click_online/4423733.stm
Osiris Fox
Wednesday, February 8, 2012 at 10:51 AMDude, that is a mostly BS fear mongering article. Firewall switched off, un-patched XP (god knows what else they did to make it more vulnerable). Of course the thing is going to suffer on the net. I have re-installed many XP machines, that then need to actually hit the internet to update service packs and so on. This is accomplished prior to any Anti-Virus being loaded and so on. Funny that I’ve never been taken down in 8 seconds. Yes it’s possible, but you really have to “bait” the computer by taking down ALL it’s defenses to get attacked that quickly.
Blake
Wednesday, February 8, 2012 at 12:09 PMA 7 year old article using a version of Windows that came out 2 iterations and 11 years ago without any of the updates and with all the defences down?
That’s going really far out of your way to get infected.
I’d like to see them try that today with Windows 7 with all the default settings and updated applied. I bet unless they started trying to get infected by surfing the web until they found some video.exe file to install they’d be fine.
If publishing this source does shine some light on anything fishy in the Symantec code base I’m all for it.
If the source absolves Symantec of certain accusations then Antisec were just blackmailing pure and simple.
jeremy
Wednesday, February 8, 2012 at 12:31 PMso every install is now a potential bot-net trojan, right? Because the source for the back door is in the wild. Great, a night of tedious uninstalls for me. Group Legal action anyone?
Kris
Wednesday, February 8, 2012 at 1:02 PMPlease, please be trolling.
SC
Wednesday, February 8, 2012 at 1:37 PM@jeremy the difference is now everyone knows about the exploits and can at least patch them. Before you wouldn’t have known if you were being exploited at all.
Warp
Wednesday, February 8, 2012 at 1:32 PMsorry, but i dont know what the problem is here. I’ve never had a virus and I use minimal security protection, If anything I just use bitdefender…
The fact that there was already a backdoor to symantec’s anti-virus, shows you guys where already in as much risk as to when “YamaTough” exposed it. Most hackers would of found the backdoor and then gone to town on your computer, These guys have released it so the problem is well known and it forces the company to resolve the problem. I dont understand why you guys are all getting so worked up over it. If you honestly thing you would be targetted out of the millions upon millions of computers out there… then I don’t think you should be online…
Sam
Wednesday, February 8, 2012 at 3:09 PMPretty sure, if the 99% were smart, they wouldn’t be using Norton :P