Negotiations over Symantec hack revealed
The hacker who threatened to release source code stolen from security software company Symantec has stated on Twitter that the company offered him US$50,000 to ‘keep quiet’.
However, Symantec says the hacker wasn’t dealing with a company representative, but a law enforcement official.
The hacker, who goes by the alias YamaTough, tweeted yesterday, "Sorry everybody for being silent that much. You won’t believe it but Symantec offered us money to keep quiet.”
This was followed by, "And guess what they couldn’t make it over 50k for the whole range of their src s**t, therefore the show starts as of tuday [sic].”
Symantec has responded by telling Reuters the offer was made as part of a sting operation being run by a law enforcement agency that couldn’t be identified for risk of compromising the investigation.
On January 27 the company advised customers using its pcAnywhere remote access tool to disable it until further notice because of the increased threat; the following week the tool was deemed safe, provided it was fully updated and patched.
In response to Symantec’s claim about the sting operation, YamaTough told the news agency he never intended to take the money, but tricked the company into offering a bribe ‘so we could humiliate them’.
Soon after the exchange, files purporting to be Symantec source code started appearing on file sharing sites. A Symantec representative has confirmed the code is that the hacker claimed to have stolen.
An email exchange between YamaTough and the supposed Symantec employee has been published on Pastebin; go here to read it.