A series of emails on Pastebin show Yamatough negotiating with Symantec for the return of the stolen source code in exchange for a $50,000 payoff. However, the company claims the exchange was part of the investigation into the theft.
offered $50,000 to Yamatough in exchange for returning the source code
related to the companys pcAnywhere product, according to an email chain posted
. When negotiations fell
apart, a copy of the code was leaked and posted on Pirate Bay
the emails posted Feb.6, Sam Thomas, a Symantec employee, reached out to
Yamatough in mid-January to begin negotiations. Thomas asked for proof that
Yamatough actually had the code, asking for the path where the file was, as
well as seeing samples of the stolen loot.
Symantec has a
different version of the story. The individual "actually reached out to
us, first, saying that if we provided them with money, they would not post any
more source code," Cris Paden, senior manager of Symantec Corporate
Communications, wrote in an email. After an internal investigation verified that
source code was missing, Symantec contacted law enforcement. "Given that
it was a clear-cut case of extortion, we contacted law enforcement and turned
the investigation over to them," said Paden.
email string posted by Anonymous was actually between them and a fake email
address set up by law enforcement," said Paden.
chain does not include the initial message sent by "Sam Thomas."
, an individual associated with an
Indian hacker group, had claimed in early January to have obtained the source
code for several Symantec products in a network breach that happened in 2006
. Symantec downplayed the claim
, initially claiming
it was for old products and that the breach had happened on a third-party
server. A few days later, Symantec admitted the 2006 versions of Norton
Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks and
pcAnywhere had been stolen. Symantec warned users to stop using pcAnywhere
while it patched the
software, and on Jan. 30, said it was safe to use the software again.
from the email chain that Yamatough was talking with Thomas for the entire
month. "The communications with the person(s) attempting to extort the
payment from Symantec were part of the law enforcement investigation,"
Thomas used a
Gmail account to communicate with Yamatough, who appears to have a Venezuelan
address. Yamatough was also asked to send samples of the code and documents to
a secure FTP site. "We don't want these docs posted on a public
site," according to the email.
suspicious about the FTP site. "If you are trying to trace with the ftp
trick, it's just worthless," Yamatough wrote. "If we detect any
malevolent tracing action, we cancel the deal."
trying to set up a stand-alone computer so this doesn't affect our
network," was the reply.
On Jan. 30,
Yamatough wrote, "Time's up," and demanded Symantec name the price it
would pay to get the code back. The Feb. 1 offer was $50,000, with three
payments of $2,500 over three months. The company would then pay the remaining
balance to Yamatough after he was able to convince the Symantec that the code
had been destroyed.
rejected the offer on Feb. 1. "I am afraid we have to cancel the whole
deal because our offshore people won't let us securely get the money because
they won't process amounts less than 50k a shot," the email said.
never exchanged hands and was never going to," according to Paden. The
chain was just an example of the investigative techniques employed by law
enforcement authorities for these types of incidents.
calling the deal off, Yamatough wrote, "Say hi to FBI agents."
being in touch with the FBI, the Symantec email amended the offer with the same
initial three-month payment schedule, but asked Yamatough to make a public
statementin exchange for the rest of the moneythat the 2006 attack was a lie.
chains were published later on Feb. 6, and links to a Pirate Bay
page appeared on Twitter. The title of the page was
"Symantec's pcAnywhere Leaked Source Code," and in the description,
the user "samthomas" had written, "Symantec has been lying to
its customers. We exposed this point thus spreading the word that ppl
about the legitimacy of the code on Pirate
, Paden said Symantec was looking into it and had no additional
comments. Paden also said there had been exploit code released earlier in the
day attacking pcAnywhere, but Symantec had patched that vulnerability two weeks