Anonymous operative YamaTough, the spokesperson for the hacktivist group “The Lords of Dharmaraja”, mistakenly accused Symantec of attempting to bribe the group in order to prevent the release of source code for several of the company's products.
Turns out the email exchange posted on Pastebin which was alleged to have taken place between YamaTough and a representative from Symantec was really part of a law enforcement sting operation.
After some early communications with YamaTough, Symantec officials quickly realized the hacker and his group were making attempts to illegally extort funds, at which time the company turned over the operation to U.S. law enforcement.
"The e-mail string posted by YamaTough was actually between them and a fake e-mail address set up by law enforcement. YamaTough actually reached out to us, first, saying that if we provided them with money, they would not post any more source code. At that point, given that it was a clear cut case of extortion, we contacted law enforcement and turned the investigation over to them. All subsequent communications were actually between YamaTough and law enforcement agents – not Symantec. This was all part of their investigative techniques for these types of incidents," Cris Paden, Sr. Manager for Corporate Communications at Symantec, said in an email to Infosec Island.
As previously reported, the hacktivists are responsible for exposing parts of the source code for the 2006 version of Symantec's Norton antivirus product, as well as posting questionable documents online that showed that the United States-China Economic and Security Review Commission (USCC) was possibly breached.
YamaTough had also sent Infosec Island 68 sets of usernames and passwords for compromised US government networks. The group maintains claims that the information was obtained from servers owned by various ministries of the Indian government.
Infosec Island had made multiple attempts to prompt YamaTough to provide actual proof that the data had in fact been stolen from servers operated by the Indian government, but all requests were either met with silence or an outright refusal.
Symantec maintains that the source code was stolen in 2006 in a previously undetected network security breach at the company. It is not known how YamaTough came to be in possession of the data, but it is certain now that he and his cohorts were looking to profit from it.
"In January an individual claiming to be part of the ‘Anonymous’ group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide," Paden said in a comment on an Infosec Island article.
It is clear from the email exchange posted on Pastebin that YamaTough's reasons for threatening to release the source code has little or nothing to do with the original stated purpose YamaTough provided in an Interview with Infosec Island in January - to gain attention from the press and to undermine the current government of India in an effort to replace them with a more pro-American regime.
“…my team is pro US, we fight for rights in our country we are not intentionally harm US companies (sometimes we do hack into since our botnet is worldwide) but we do not steal credit cards and make money of it and we do not do banks etc. Our mission - exposure of the corruption... We wanna apologize for harm taken by the Symantec USCC and others, but without them being involved things which do occur in our state would never be covered and taken to the public, sometimes you have to sacrifice in order to achieve... and we do not approve sharing personal data and source codes with foreign governments. We want free and nice India and not police state,” YamaTough had previous proclaimed.
YamaTough also indicated the group is in possession of sensitive data from several companies other than Symantec, and they have yet to decide whether or not they will make the information public.
YamaTough subsequently tweeted that the stolen source code was now available for purchase on the black market: "All the Symantec source codes are now on sale! PcAnywhere, System Works, Internet Security and Norton GoBack with Utilities, NAV".
The message was followed by "Let the SYM show the paperwork to proove the STING =) them lols just try to look good after mayhem. Anyway NAV relase today comin... NAV release coming in 7 hours," and indication that the group may release the stolen source code today.
Several sources are reporting that the source code for Symantec's PCanywhere product has been posted on The Pirate Bay - a screenshot of the supposed data dump here (click to enlarge):