Welcome!

Machine Learning Authors: Pat Romanski, Yeshim Deniz, Liz McMillan, Elizabeth White, Zakia Bouachraoui

Related Topics: Cloud Security, Microservices Expo

Cloud Security: Article

Symantec Confirms Blackmail Attempt

The entry point was apparently servers run by Indian military intelligence

Starting last month an unidentified hacker - or maybe it's hackers - called Yamatough and believed to be part of a group called Lords of Dharmaraja and affiliated with Anonymous - from the looks of it not a native English speaker - or else a semi-literate - demanded $50,000 in blackmail from Symantec.

The entry point was apparently servers run by Indian military intelligence.

Yamatough threatened to expose stolen Norton antivirus and PCAnywhere source code.

Symantec, which secretly called the cops, told CNET it agreed to pay the extortion as part of a sting operation that failed. The PCAnywhere code was posted Tuesday.

The go-between was a fictional Symantec employee named Sam Thomas, who offered Yamatough incremental payments of $2,500 a month for three months until the Symantec was confident the code was destroyed. Sam was actually law enforcement.

CNET said "after weeks of discussions regarding proof of code and how to transfer payment, talks broke down and the deal was never completed. Yamatough then issued an ultimatum saying, "If we dont [sic] hear from you in 30m we make an official announcement and put your code on sale at auction terms. We have many people who are willing to get your code. Dont f*** with us."

"If you are trying to trace with the ftp trick it's just worthless. If we detect any malevolent tracing action we cancel the deal. Is that clear? You've got the doc files and pathes [sic] to the files. What's the problem? Explain."

Yamatough reportedly accused Symantec of bringing in the FBI. Symantec lied and said it didn't.

Yamatough then threatened, "Since no code yet being released and our email communication wasnt also released we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START this time we've made mirrors so it will be hard for you to get rid of it."

Symantec was reportedly hacked and lost its jewels in 2006 although it denied it at the time.

CNET says, "Symantec instructed its PCAnywhere users in late January to disable the product until the company could issue a software update to protect them against attacks that could result from the theft of the product's source code."

Reuters says dragging out the negotiation bought Symantec the time to issue patches last month for known vulnerabilities after asking users to stop using the software. The stolen Norton code is old, 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security, and disclosure should impact users.

The hacker told Reuters he never intended to take the money. "We tricked them into offering us a bribe so we could humiliate them."

More Stories By Maureen O'Gara

Maureen O'Gara the most read technology reporter for the past 20 years, is the Cloud Computing and Virtualization News Desk editor of SYS-CON Media. She is the publisher of famous "Billygrams" and the editor-in-chief of "Client/Server News" for more than a decade. One of the most respected technology reporters in the business, Maureen can be reached by email at maureen(at)sys-con.com or paperboy(at)g2news.com, and by phone at 516 759-7025. Twitter: @MaureenOGara

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


CloudEXPO Stories
"DivvyCloud as a company set out to help customers automate solutions to the most common cloud problems," noted Jeremy Snyder, VP of Business Development at DivvyCloud, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Enterprises are striving to become digital businesses for differentiated innovation and customer-centricity. Traditionally, they focused on digitizing processes and paper workflow. To be a disruptor and compete against new players, they need to gain insight into business data and innovate at scale. Cloud and cognitive technologies can help them leverage hidden data in SAP/ERP systems to fuel their businesses to accelerate digital transformation success.
An edge gateway is an essential piece of infrastructure for large scale cloud-based services. In his session at 17th Cloud Expo, Mikey Cohen, Manager, Edge Gateway at Netflix, detailed the purpose, benefits and use cases for an edge gateway to provide security, traffic management and cloud cross region resiliency. He discussed how a gateway can be used to enhance continuous deployment and help testing of new service versions and get service insights and more. Philosophical and architectural approaches to what belongs in a gateway vs what should be in services were also discussed. Real examples of how gateway services are used in front of nearly all of Netflix's consumer facing traffic showed how gateway infrastructure is used in real highly available, massive scale services.
The revocation of Safe Harbor has radically affected data sovereignty strategy in the cloud. In his session at 17th Cloud Expo, Jeff Miller, Product Management at Cavirin Systems, discussed how to assess these changes across your own cloud strategy, and how you can mitigate risks previously covered under the agreement.
Transformation Abstract Encryption and privacy in the cloud is a daunting yet essential task for both security practitioners and application developers, especially as applications continue moving to the cloud at an exponential rate. What are some best practices and processes for enterprises to follow that balance both security and ease of use requirements? What technologies are available to empower enterprises with code, data and key protection from cloud providers, system administrators, insiders, government compulsion, and network hackers? Join Ambuj Kumar (CEO, Fortanix) to discuss best practices and technologies for enterprises to securely transition to a multi-cloud hybrid world.