Symantec Tried to Buy Back Stolen Source Code for $50,000, Says It was a Sting Operation

Paul Lilly

Don't retire your home-brewed aluminum foil deflector beanie just yet; there may be occasions where you'll still want to wear it. Take Symantec's source code snafu, for instance. When word got out that hackers had stolen certain source code from Symantec, the security firm initially brushed off the incident in the public eye, saying the stolen code only applied to outdated software from several years ago. Not long after, Symantec advised pcAnywhere customers to stop using their product until it could release a patch. But what's really telling is a series of emails that Symantec and the hacker responsible for the theft exchanged with each other.

There are a number of emails on Pastebin that show Symantec seemingly trying to negotiate a deal with YamaTough and his hacker cronies to prevent them from going public with the stolen source code.

"We can't pay you $50,000 at once for the reasons we discussed previously. We can pay you $2,500 per month for the first three months," Symantec supposedly wrote in one of its emails. "In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated). Once that's done, we will pay the rest of the $50,000 to your account and you can take it all out at once. That should solve your problem. Obviously you still have our code so if we don't follow through you still have the upper hand."

That doesn't look too good for Symantec, but the security firm says it was part of a sting operation run by an undisclosed law enforcement agency, Reuters reports. Reading through the emails, it appears Symantec is telling the truth. On the flip side, YamaTough claims he never intended to accept the $50,000, telling Reuters, "We tricked them into offering us a bribe so we could humiliate them."
