Symantec Code Leak Happens Where Sidewalk Ends in Law Enforcement Sting Attempt


The source code stolen from Symantec in 2006 has been waiting in limbo for the past month as part of a hostage negotiation between the hacker Yama Tough and a persona invented by law enforcement officials to attempt to get the hacker to reveal themselves. This story first began to unfold back in January when it was discovered that Symantec had lost old source code (ancient in terms of software development) and that it was about to go onto the Internet.

Negotiations ended recently with the 1.27 gigabytes of source code released Monday night, claimed to be source from Symantec’s PCAnywhere. The company, which also makes Norton Antivirus, had warned users to disable PCAnywhere until they patched it (which happened earlier this month). Thus, this leak may have little effect on the market altogether.

What really looks interesting about this is the saga of the sting and the involvement of law enforcement.

It all starts with a persona generated by law enforcement under the pretense of being a Symantec staffer offering $50,000 to not release the code. This started a month-long drama with the hacker Yama Tough, part of the Anonymous hacktivist collective and also a member of the now notorious Lords of Dharamaja.

“You won’t believe it but Symantec offered us money to keep quiet,” YamaTough wrote on Twitter. “And quess what they couldn’t make it over 50k for the whole range of their src shit, therefore the show starts as of tuday.”

Of course we know now that the supposed Symantec staffer, “Sam Thomas,” is really a false identity used to attempt to lure the Lords of Dharamaja out and get them to reveal the code and perhaps set themselves up for arrest. The entire conversation that Yama Tough had with who they believed to be Symantec had been with law enforcement.

Over the weeks, a protracted negotiation over the $50k amount began to draw out. While the amount had been agreed upon, YamaTough and cohorts would not accept it in small increments over time; they wanted it all at once in a lump sum or not at all. The hacker offered a Liberty Reserve account for the extorted money, refusing to accept PayPal transfers (possibly because of how easily they could be traced or stopped). During the negotiations YamaTough revealed suspicions, stating a belief that Symantec was working with the FBI.

We know now all of this had been for naught: the code is now leaked onto the Internet via BitTorrent.

Symantec is still poring over the leaked code. They still maintain that the code is way out of date, and a spokesperson for the company has stated that they believe that the recent patches will protect customers.

“We’re able to say with high confidence,” said Cris Paden of Symantec to Forbes, “any type of cyber attacks generated by this attack would have old characteristics and look like an attack from 2006 that can easily be stopped using current versions of our solutions. Our customers are protected.”

The saga may be over with the leak of the code, but the next step will be the cat-and-mouse game between law enforcement and the Lords of Dharamaja. Symantec has told the media that they cannot comment on what they know about any evidence revealed or the strategy of law enforcement.

“As to what happens next,” Paden says, “we’re not really sure.”

For those curious, the entire e-mail chain between YamaTough and the false Symantec employee persona is available on