In association with heise online

08 February 2012, 15:02

pcAnywhere code on the internet after "hush money" ruse fails

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

pcAnywhere source code contents
Zoom The source code of pcAnywhere will facilitate the finding of any significant vulnerabilities
Source: heise Security

On the Pirate Bay torrent tracker, a 1.3GB RAR archive has been published which contains the source code of the PC remote control software pcAnywhere. Symantec has already confirmed the authenticity of the code which was stolen in an incident in 2006 when unknown parties gained access to the source of various Symantec products.

The source code of Norton Utilities is already in circulation according to the company. Symantec expects that the source code of Norton AntiVirus (Corporate Edition) and Norton Internet Security will, sooner or later, also be posted online.

The publication is presumably the work of Yamatough, a hacker who claims to be part of the loose hacktivist collective Anonymous. Excerpts from an email exchange between Yamatough and Symantec employees have also appeared on the internet. The emails concerned a proposed payment of $50,000 to the hacker in order to prevent the publication of the source code.

Both the hacker and the company say their participation was a ruse, with Yamatough always planning to publish and Symantec saying they were being directed by a law enforcement agency. Yamatough told Reuters that "We tricked them into offering us a bribe so we could humiliate them". Which side actually proposed the deal is currently unclear because the leaked emails do not contain the start of the negotiations.

The alleged Symantec employee, named Sam Thomas, pretended to want to take on the deal and was able to hold out for three weeks. A Symantec spokesman told Forbes that Sam Thomas was a false name used by the investigating authorities who wanted to find out the hacker's identity.

Symantec used the extra time to patch known security holes and issue security warnings of an increased threat to customers, but it only did the latter after the hacker had published a snippet of the stolen code online. In the meantime, the company has even gone as far as to explicitly discourage the use of pcAnywhere.

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-1430828
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit