After failing to get $50k, hackers post Symantec source code
After failing to get $50,000 in hush money, a hacker group that claimed to have stolen the source code for products of computer security firm Symantec has released the code of the company's PCAnywhere product.

However, tech site CNET said the public release of the code was not a surprise because the hackers, known as “Yamatough,” had threatened to release it if they did not get the $50,000 in extortion.

It quoted Symantec spokesman Cris Paden as confirming the source code posted online was for PCAnywhere, a remote management software product. But Paden maintained the stolen code was from 2006, adding that the company had prepared for its release.

“Symantec was prepared for the code to be posted at some point, and has developed and distributed a series of patches since January 23 to protect our users against known vulnerabilities. We have been conducting direct outreach to our customers since January 23 to reiterate that in addition to applying all relevant patches that have been released, customers should also ensure that PCAnywhere version 12.5 is installed, and follow general security best practices,” Paden told CNET.

Earlier, Symantec said it had sought law enforcement help to draw out Yamatough. A sting operation was even conducted in which negotiations were made for the $50,000.

But CNET cited a Reuters report quoting a ‘spokesperson’ for Yamatough as saying that it never intended to take the money and merely wanted to humiliate Symantec and still release the code.

On Jan. 23, Symantec released a patch to secure PCAnywhere 12.5. On Jan. 27, the company rolled out another patch directed toward PCAnywhere versions 12.0 and 12.1.

Stolen code

The hackers calling themselves The Lords of Dharmaraja originally claimed they found the code after breaking into servers run by Indian military intelligence. But Symantec disclosed the group had taken the code for PCAnywhere and other products by breaking into its network in 2006.

On the other hand, CNET noted Symantec expects more disclosures from the hackers, who also got the code for other Symantec software, including Norton Antivirus Corporate Edition, Norton Internet Security, and Norton SystemWorks. Symantec insists that since all the source code dates back to 2006, customers of the current versions of these products are at no risk.

“We anticipate that Anonymous will post the rest of the code they have claimed to have in their possession... So far, they have posted code for the 2006 versions of Norton Utilities and PCAnywhere. We also anticipate that at some point, they will post the code for the 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security,” Paden said.

Paden also told CNET Symantec is still investigating the incident and has no information to provide.

“As the extortion attempt by Anonymous indicates, we’re working with law enforcement right now. Therefore, given the active investigation, we’re not in a position to provide specifics on the incident at this time,” he said.

Defenses

For now, Paden said Symantec has taken steps to shore up its defenses, including:
- Improved Network Defenses: enhanced network monitoring, improved endpoint security, and additional data loss protection strategy and controls.
- Compartmentalized Access to Information: employees were only able to access the resources associated with their roles and responsibilities.
- Improved Source Code Security: significantly strengthened/hardened network and server defenses around source code repository.
- Improved Process Controls: removed many non-essential legacy domains to help ensure overall network security; redeveloped additional processes with respect to development and security controls.
- Employee Education: redeveloped internal security awareness and training processes to help employees recognize and respond to suspicious behavior.