Symantec makes popular antivirus software Norton
Image Credit: Symantec Symantec

Following its hack on Symantec, confusion has emerged whether Anonymous attempted to extort money from the company before posting the stolen source code.

The Hack

Publicised by Anonymous's AnonymousIRC and YourAnonNews Twitter accounts, the initial post containing Symantec's stolen data appeared on Pastebin in early 2012. The post contained a portion of the source code for a number of Symantec's 2006 products.

The Lords of Dharmaraja (LoD) - a Mumbai-based group associated with Anonymous - subsequently took responsibility for the attack adding a link to the whole pcAnywhere source code file as a torrent file on ThePirateBay. The amended post came alongside claims that Symantec had attempted to bribe LoD not to release the data.

What Norton Say

Responding to the post, Symantec issued its own statement clarifying that while the data was authentic it was LoD that had made the request for money.

"In January an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession.

"At that point, given that it was a clear cut case of extortion, we contacted law enforcement and turned the investigation over to them. All subsequent communications were actually between Anonymous and law enforcement agents - not Symantec. This was all part of their investigative techniques for these types of incidents," read Symantec's statement.

Symantec went on to suggest that a number of the alleged emails contained in Anonymous's subsequent data posts actually showcased LoD correspondence with a fake company account created by the FBI for a sting operation.

"The e-mail string posted by Anonymous was actually between them and a fake e-mail address set up by law enforcement. Anonymous actually reached out to us, first, saying that if we provided them with money, they would not post any more source code."

Has Anonymous Turned Gangster?

The conflicting claims soon led to confusion amongst the online community and security analysts regarding whether the hacktivist collective had reduced itself to common extortion.

"Unfortunately on this occasion it's impossible for me to shed any light on whether the hacker or the FBI posing as 'Symantec' first mentioned money. I really have no idea, but assume that Symantec is telling the truth" said Sophos analyst Graham Cluley when asked which claim was true.

The only concrete theory stemmed from F-Secure Security Advisor Sean Sullivan, who - citing an early Pastebin post showcasing FBI and hackers emails - indicated a belief that the evidence does suggest, not prove, LoD initially brought up the subject of money.

"If F-Secure were in a similar position, it would contact law enforcement authorities. Based on the e-mail messages that have been leaked, it clearly appears to be an FBI sting attempt, and doesn't look as if Symantec was involved at all in communications with hackers." said Sullivan.

"The attachment is from the Pastebin dump here: The earliest dated message doesn't show the very first contact, so cannot say for sure which party brought up money first... but, this from Yamatough on 2012/1/25 gives an idea: 'We have a rule - and we always follow it: If you are the owner - you have the right to be the first one asked. That is why we kept silent at the time of negotiating with you.'

"Another telling factor, in my opinion, is that the earliest message, is "Symantec" aka FBI is: 'Have to check with Finance people'. So that sounds like a response to a request for money, and not that the FBI offered money."

It is worth noting that even if LoD did request money, the behaviour is not in line with Anonymous's previous habits and does not indicate that the collective has devolved to the level of a common criminal.

Anonymous lets any user join and become a member, or "Anon" as they tend to refer to themselves. A consequence of this is that there is no quality control about who joins, a problem that has meant certain members are not as adherent to Anonymous's pattern of behaviour or core values - whatever these may be. Meaning that if LoD did attempt to extort money, most Anons would not have been aware of this when giving the action their approval.

Anons with comments on the matter should contact the author of this work.