After a lot of controversy and threats the hackers finally leaked the source code for Symantec’s pcAnywhere product, along with the emails we saw earlier today that contained the conversations between the hackers and the law enforcement representative that helped Symantec in the extorsion case.
The 1.4 gigabyte archive file containing all the source code was posted on The Pirate Bay and the conversations were published on Pastebin, matching precisely the ones provided by Symantec to SecurityWeek, but with a few extra details.
The archive that contains the source code comprise a lot of Java and C++ files, but also a lot of Microsoft Word documents filled with documentation on design and debugging, totaling some 47,000 files.
Most of the documents are dated 2001 and 2002, being catalogued as “Symantec Confidential.”
While most of the source code seems to legitimately belong to Symantec, many of them containing comments to show copyright information, some of the document files were altered to look as if they were made in 2012, even though their content clearly shows that they’re from 2001/2002.
Symantec will probably respond, but they’ve already released a patch to make sure that pcAnywhere customers are not affected by the potential vulnerabilities hackers can find using the source code.
A few hours ago we’ve learned that Symantec claimed Anonymous hacktivist were blackmailing them, asking for $50,000 (35,000 EUR) in return for a statement denying the fact that they were in the possession of the code.
On the other hand, the hackers say Symantec tried to bribe them with the $50,000 (35,000 EUR) for their silence.
“First they lied about being hacked in 2006. Then they didn't tell anyone about the hack or vulnerabilities for years. And now they bribing?” said Sabu, one of the founders of the Anonymous concept.
According to the leaked emails provided by the hackers, they were offered the money, but immediately started suspecting the FBI’s involvement, abandoning the negotiations and leaking the code.