Symantec offered hackers $50k in source code sting

As part of a sting operation, Symantec told a hacker group that it would pay $50,000 to keep the source code for some of its flagship security products off the internet, the security company has confirmed.

YamaTough's threat to release Norton Antivirus source code, posted on 14 January. Image credit: CNET News

An email exchange revealing the extortion attempt posted to Pastebin on Monday shows a purported Symantec employee named Sam Thomas negotiating payment with an individual named 'YamaTough' to prevent the release of PCAnywhere and Norton Antivirus code. YamaTough is the Twitter identity of an individual or group that had previously threatened to release the source code for Norton Antivirus.

"We will pay you $50,000.00 USD total," Thomas said in an email dated Thursday. "However, we need assurances that you are not going to release the code after payment. We will pay you $2,500 a month for the first three months. Payments start next week. After the first three months you have to convince us you have destroyed the code before we pay the balance. We are trusting you to keep your end of the bargain."

A Symantec representative confirmed the extortion attempt on Monday in this statement: "In January, an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession."

For more on this ZDNet UK-selected story, see Hackers wanted $50,000 to keep Symantec source code private on CNET News.