Starting last month an unidentified hacker - or maybe it's hackers - called Yamatough and believed to be part of a group called Lords of Dharmaraja and affiliated with Anonymous - from the looks of it not a native English speaker - or else a semi-literate - demanded $50,000 in blackmail from Symantec.
The entry point was apparently servers run by Indian military intelligence.
Yamatough threatened to expose stolen Norton antivirus and PCAnywhere source code.
Symantec, which secretly called the cops, told CNET it agreed to pay the extortion as part of a sting operation that failed. The PCAnywhere code was posted Tuesday.
The go-between was a fictional Symantec employee named Sam Thomas, who offered Yamatough incremental payments of $2,500 a month for three months until the Symantec was confident the code was destroyed. Sam was actually law enforcement.
CNET said "after weeks of discussions regarding proof of code and how to transfer payment, talks broke down and the deal was never completed. Yamatough then issued an ultimatum saying, "If we dont [sic] hear from you in 30m we make an official announcement and put your code on sale at auction terms. We have many people who are willing to get your code. Dont f*** with us."
"If you are trying to trace with the ftp trick it's just worthless. If we detect any malevolent tracing action we cancel the deal. Is that clear? You've got the doc files and pathes [sic] to the files. What's the problem? Explain."
Yamatough reportedly accused Symantec of bringing in the FBI. Symantec lied and said it didn't.
Yamatough then threatened, "Since no code yet being released and our email communication wasnt also released we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START this time we've made mirrors so it will be hard for you to get rid of it."
Symantec was reportedly hacked and lost its jewels in 2006 although it denied it at the time.
CNET says, "Symantec instructed its PCAnywhere users in late January to disable the product until the company could issue a software update to protect them against attacks that could result from the theft of the product's source code."
Reuters says dragging out the negotiation bought Symantec the time to issue patches last month for known vulnerabilities after asking users to stop using the software. The stolen Norton code is old, 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security, and disclosure should impact users.
The hacker told Reuters he never intended to take the money. "We tricked them into offering us a bribe so we could humiliate them."