Symantec Says Anonymous Behind Extortion Plot

Symantec says a group claiming to be with hactivist collective Anonymous tried to extort $50,000 from the security vendor to keep it from releasing product code stolen from the company in 2006.

A person claiming to be with the Anonymous group Lords of Dharmaraja contacted Symantec in January, saying that the organization had source code to several products. Symantec reported the extortion attempt to law enforcement and from that point on, all communications with the group was through police pretending to be Symantec through a fake e-mail address.

"This was all part of their investigative techniques for these types of incidents," a Symantec spokesman said.

The extortionist contacted Symantec after releasing the first code on the Internet Jan. 13. The Norton Utilities code was soon followed by a release of code from pcAnywhere, Symantec's software for using a PC to control another system remotely.

Sponsored post

Symantec expects the group to eventually post code for the 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security. Because of the age of the code, having it publicly available does not present a risk to Symantec customers, the company says.

In January, Symantec determined that the pcAnywhere code had placed customers at risk and recommended disabling the software until the company released a patch for vulnerabilities. Symantec resellers at the time took the disclosure in stride, pointing out that pcAnywhere was never a top seller for the company. "This is a minor issue in the grand scheme of Symantec's business," Andrew Plato, president and chief executive of Beaverton, Ore.-based Anitian Enterprise Security, said.

Symantec first reported the code theft in early January. The company initially reported it had been taken from a third party.

Further investigation showed that the code was taken from the company's network. Symantec does not know who stole code and will only say that they discovered "an incident" in 2006 that tipped them off to the theft. "We are still investigating what might have happened in 2006 and don’t have additional details to disclose," the spokesman said.