Hackers spunk 'pcAnywhere source' after negotiation breakdown Hacktivists affiliated with Anonymous uploaded what they claim is the source code of Symantec's pcAnywhere software early on Tuesday, following the breakdown of negotiations between the hacking group and "a federal agent posing as a Symantec employee". Symantec has confirmed that a dialogue had taken place between the …
They are simple criminals who tried to extort money, and when that failed they used this opportunity to remind their future victims that they mean business by releasing the code. Sickening.
If any among Anonymous care about their image or ideals, they should condemn this and go after the bastards right away.
At the very least the chat logs shows the kind of tricks the FBI employ to track people. Pretty simple stuff. I imagine the real purpose was to trip up the FBI doing something dodgy rather than turn a profit.
To anyone with a brain the moment they said the corporate email system deleted a simple (.cpp ?) attachment and that there was nothing the company could do about it is when its obviously a sting.
That's the problem with an anoymous, open, unregulated group of people. Anyone could do anything and blame it on Anonymous and there's no way that anyone can definitively say it *wasn't* them, even other members of Anonymous.
That was *always* the problem with flying under that moniker or condemning/condoning any of their actions. There is no magical group of people called Anonymous that decides things and acts coherently. It's just a name, like John Doe, used by anyone who wants to do anything they wouldn't do with a real name attached. As such, you have no control over what the group does or where it goes. Even if lots of members of Anonymous discredit a particular act, that's not what anyone else hears - the guy doing it said he was part of Anonymous - a group famed for not knowing who its own members are.
I would be *incredibly* surprised if Anonymous doesn't keep coming up and up time and again in the news as various random people do things and blame it on them (What about that guy that gunned down the kids on the island? What if he'd been a "member" of Anonymous, etc.? What about MegaUpload? What about an unsavoury porn group? What about infiltration by government departments to discredit the name and turn Anonymous into the next "Terrorism"?).
You can't be a group, and let all your members do whatever they want, and then claim that you have a purpose.
Please stop referring to Anonymous as an entity. It's not. It's a moniker that anyone can use at any time and for any purpose. You cannot stop people using that name any more than you can part the Red Sea. If you decide to condone the actions of a group like that, you're more stupid than you think. It's like condoning every action of every Fred in the world because one Fred did something good for you once.
You are right about it being the next 'terrorism' it will kill any sympathy the public has with Anonymous. Before the invasion of Afghanistan al-Qaeda was given an image of an organised military force with facilities that would make the baddest (and richest) bond victim very jelous. before the war Rumsfeld was on TV explaining a diagram of an 'al-Qaeda base' in a mountain which had advanced communication rooms etc this youtube video shows one of the many bases http://www.youtube.com/watch?v=FGhGHxw0mSo When it came to the reality it was a squalid cave full of old Soviet guns.
Anonymous can more easily fall victim to this fear inducing exaggeration having no spokesperson to counter claims, things like this are perfect ammo for the film industry, and perfect ammo for the government to pry closer on our interwebs because of cyber terrorism. There you go you heard it here first al-Qaeda have decided to stop making money off copied DVDs and run bit torrent sites instead, if you use them you are also a terrorist, obviously.
Producing a pox ridden product that cripples any PC it touches then proclaiming its a new ground up rewrite because well, lets be honest, our old version was shit, but this one isnt, honest guv?
More damaging than buying up good, solid products, then eviscerating them and making them totally useless to the professionals that use them?
More damaging than refusing refunds on software that has bricked a customers machine in the process of trying to install it?
To be fair I feel that Anon aimed a little bit low with this one and not at all surprised they got in.
Unsure what the point of this is. Symantec were forced to admit they were hacked and hadn't realised it so +1 for hacking skills. Symantec were blackmailed and brought in the feds. -1 for extortion. Software posted up on mirrors so it couldn't be taken down.. proving the Internet needs the kind of control SOPA/PIPA advocate and the opposite of what we should all be aiming for.
Ignoring the extortion attempt here as I am sure that if it was a simple case of pay us $50K or we release all your code, then they would have bent over backwards to keep this out of the media. Instead what you have is the total loss of faith in Symantec. A company that is one of the main players in security got hacked and then has its source code given to the world. Who in their right mind would ever install their software knowing that a hacker will be able to pull apart the software and pick over all the holes.
Who in their right mind would ever install their software knowing that a hacker will be able to pull apart the software and pick over all the holes?
Me, 'cause I run Linux.
Oh you meant 'Who in their right mind would ever install their software knowing that *only* a hacker will be able to pull apart the software and pick over all the holes?'
I also run Linux, have done for years along side my Mac and Windows pc.
my point i fear you might have missed, there is a huge difference between open source and closed source code, I know that with my build of Linux the releases have been managed reviewed and tested and that any security bugs get fixed and released as and when they are identified, something that the Linux development teams are fairly good for. I also know that my Linux machine and Mac are a lot safer platform to use than windows due to a few reasons, commonly that neither platform is mainstream and as such is not a prime target for hackers and virus writers (gits), they are not immune but the risk levels are far lower than Windows, to an extent that I don’t have to take the same precautions that I do on windows. Other factors is that the Mac OS has a better security model than Windows and judging by the lack of updates It’s less buggy. Linux tends to be run by more tech savvy users who have a better understanding of the risks, while this has changed somewhat in recent years Linux is still not a mainstream platform for desktop PCs. Windows on the overhand ( my preferred platform) is the biggest desktop platform by far and as such is more at risk of hackers and gits. Closed commercial source code tends to get released with known bugs, which carry a risk, some of these known bugs can be resolved or worked around with a help file and a few lines on a web page and can then be fixed in a future update. There will also be a few unknown bugs that testing has not identified. It no secret that commercial development does not always follow every step of a development process fully and some times not at all. Getting access commercial source code will give a hacker a head start, even more so when that software is used as much as this one is.
Yeah your right....few points to add.
The thing is with unix system (not osx), as you will know, is you can just turn huge amounts off and keep running what you only need so you limit your exposure to hacks by very large margins.
Most of the unix software is also battle tested in the open, as discussed, and not connected up to any internal API so they all sit in sand box basically to a degree by design.
Everything in win hooks up so holes in something odd know body thought to pen test leads to access to something very important.
Due to less admin config ability on win a bug on one win system usually hits them all.
Not to mention the network config is important also and use of VPN or SSH should have been the only way to access the server that go hacked so evidently that was all to pot.
Not their coders fault (they still make bulky but good software) this would have been some dumb admin who is probably not working there now.
"'Symantec' was prepared to offer payment of $50,000 (in instalments) on condition that [someone] made a statement that the hack it claimed against Symantec was a lie."
Was this "WE NEVER WOZ HACXED, S'TRUTH" the Fed's idea?
Also, no "Intellectual Property" was stolen. One could maybe say that trade secrets were divulged.
John Leyden chose to start the article with "Hacktivists affiliated with Anonymous". After reading the article and others reporting this story its clear that the fact is "hacktivists [i]CLAIMING[/i] to be affiliated with anonymous" would be more accurate.
In an earlier comment LeeDowling said "Anyone could do anything and blame it on Anonymous and there's no way that anyone can definitively say it *wasn't* them" Hes right and Id like to add that I think that many of the general public DONT KNOW THIS.
Whats the point of this Mr. Leyden? Is it ignorance? probably not. Hype? More likely. Either way it stinks of news manipulation.
You might say " hey, so what , its really no big deal. But YES, it is a big deal, in fact ITS THE MOST IMPORTANT PART OF THE WHOLE STORY , exactly WHO was the person/entity attemping the extortion.
If they "Offered" rather than "were requested to pay", then that doesn't sound like extortion.
Rather, it appears Symantec were trying to buy a story along the lines "we weren't really hacked" which would appear to be a complete fabrication if stories that the source code is floating around on the Internet turn out to be true.
So it would appear to be a case of "(In)Security by Cover-up" rather than "Security by Obscurity".
Has any law enforcement agency confirmed that it was their operative impersonating a Symantec employee?
There are some pretty obvious ethical concerns within the security industry about hiring and funding black hats. Most operators will not consider hiring anyone with a black hat background.
Symantec's assertion that the conversation was with a law enforcement agency is a little 'convenient' in helping them avoid further criticism. They certainly wouldn't want to be accused of putting corporate interests ahead of ethical concerns.
Could they be asked to identify the agency involved, and a follow-up query placed with said agency for comment.
The truth is that the two super-secret Indo-Aryan hacking groups "Leaves of Dharmabananas" (historically harvested and fed to Dharma Monkeys) and "Legs of Dharmapyjamas" (historically worn to cover Dharma Bums) have once again joined forces and used the throwaway nym "Lords of Dharmaraja" to taunt the Feds.
(You'd think the Feds would have seen through the joke by now. "Dharmaraja", literally translated from Sanskrit, means "Rogered (i.e., golden riveted up the arse) by Dharma".)
...it's simple extortion.
Hacktivism involves trying to make a political or social point, and should not involve trying to make money from a "victim" or we are no better than the corporates we protest against.
Whoever this bunch are, they've done us a dis-service, but please, El Reg, don't call them hacktivists anymore?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
