Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cops Set Up Extortion Sting On Symantec's Source Code Thieves

Posted by timothy on from the don't-worry-now-we're-telling-the-truth dept.

Sparrowvsrevolution writes "Hackers linked with Anonymous leaked another 1.26 gigabytes of Symantec's data Monday night, what they say is the source code company's PCAnywhere program. More interestingly, also posted a long private email conversation that seems to show a Symantec exec offering the hackers $50,000 to not leak the company's data and to publicly state they had lied about obtaining it. Symantec has responded by revealing that in fact, the $50,000 offer had been a ruse, and the 'Symantec exec' was actually a law enforcement agent trying to trace the hackers. It adds that all the information the hackers have released, including a 2006 version of Norton Internet Security, is outdated and poses no threat to the company or its customers. Symantec says the Anonymous hackers began attempting to extort money from the company in mid-January, and it responded by contacting law enforcement, though it won't comment on the results of the fake payoff sting while the investigation is still ongoing."

124 of 168 comments (clear)

  1. Cops set up FAILED exortion sting by elrous0 · · Score: 5, Insightful

    FTFY

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
    1. Re:Cops set up FAILED exortion sting by Tsingi · · Score: 2, Interesting

      Aside from the fact that they did hack in and steal the code.

      It seems pretty obvious that the extortion was entrapment.

      Funny. Both Symantec and the cops have egg on their face on this one. Those guys better be well and truly anonymous because they have stirred the hornets nest.

    2. Re:Cops set up FAILED exortion sting by Anonymous Coward · · Score: 5, Funny

      Cops set up FAILED exortion sting

      As a person who is involved in this case (I'm with the cyber-crime unit of the FBI), I can confidently tell you that we've narrowed down our search (based on IP addresses) to a grandmother in a seniors home in Florida.

      Little does she know that joining Anonymous does not make her Anonymous. As I write this, the government is in the process of seizing her assets. She thinks she's smart, but in the end she'll end up loosing everything, including her wheel chair.

    3. Re:Cops set up FAILED exortion sting by tgd · · Score: 2

      Until you hear directly from the authorities that it was, in fact, a sting, its probably safer to assume it wasn't.

      Of course they'll SAY it was a sting... Symantec just had the whole world learn that extortion works with them.

    4. Re:Cops set up FAILED exortion sting by iamhassi · · Score: 5, Interesting

      Why is Symantec acting like they fooled Anonymous? In the email it says "Say hi to FBI agents" and Symantec is like "We are not in contact with the FBI."

      Symantec fail.

      Title should be: Anonymous outsmarts Police, Symantec sting

      --
      my karma will be here long after I'm gone
    5. Re:Cops set up FAILED exortion sting by Sarten-X · · Score: 1

      Entrapment? I do not think it means what you think it means.

      --
      You do not have a moral or legal right to do absolutely anything you want.
    6. Re:Cops set up FAILED exortion sting by Tsingi · · Score: 4, Funny

      Entrapment? I do not think it means what you think it means.

      What?

      Inconceivable.

    7. Re:Cops set up FAILED exortion sting by Sir_Eptishous · · Score: 5, Funny

      And boy, there's nothing worse than a loose wheelchair!

      --
      We play the game with the bravery of being out of range
    8. Re:Cops set up FAILED exortion sting by Tsingi · · Score: 4, Insightful

      Actually, after having read a portion of the emails, it wasn't anything close to entrapment.

    9. Re:Cops set up FAILED exortion sting by elrous0 · · Score: 1

      I can confidently tell you that we've narrowed down our search (based on IP addresses) to a grandmother in a seniors home in Florida.

      Obviously someone with a disguise that clever is a serious threat to national security. Clearly her takedown warrants a kill, not capture, mission.

      --
      SJW: Someone who has run out of real oppression, and has to fake it.
    10. Re:Cops set up FAILED exortion sting by Anonymous Coward · · Score: 5, Insightful

      I wouldn't really call it "entrapment." That's if a cop tries to get you to commit a crime you were unlikely to commit. If I hack a major security company and steal their source code blackmailing the company is going to be right there on the list next to "sell on black market." Plus, it's not extortion since the "Symantec Exec" offered the money first.

      Last I checked, the police are totally allowed to lie to suspects. Anything from "last night, your momma said you always were a bad kid" to "we have the smoking gun and it points at you and is covered with every type of DNA imaginable (which would also make you a gun pervert) and it matches to you. It also says you're late on your alimony. "

    11. Re:Cops set up FAILED exortion sting by Anne_Nonymous · · Score: 3, Funny

      >> a grandmother in a seniors home in Florida

      On your conference call you said it was Arizona.

    12. Re:Cops set up FAILED exortion sting by postbigbang · · Score: 2

      Makes me wonder if Symantec is ginning this all up to save face. I wonder if we're being "handled".

      --
      ---- Teach Peace. It's Cheaper Than War.
    13. Re:Cops set up FAILED exortion sting by gl4ss · · Score: 2

      ..however, what they seemingly did propose - the cops/symantec,the symantec knew of the conversation taking place it's actually irrelevant if it was cops or symantec doing the offer, combined they just had no intention of actually paying- back to what they did propose: LYING TO SHAREHOLDERS ABOUT HAVING HACKED SYMANTEC.

      yes.

      --
      world was created 5 seconds before this post as it is.
    14. Re:Cops set up FAILED exortion sting by Flyerman · · Score: 1

      Don't they know the only way to trace anything is with a VB GUI interface?

    15. Re:Cops set up FAILED exortion sting by g0bshiTe · · Score: 4, Interesting

      I was more interested in the fact that Symantec is trying to make it look like Anonymous is into extortion, which from all reports has never been their goal.

      --
      I am Bennett Haselton! I am Bennett Haselton!
    16. Re:Cops set up FAILED exortion sting by mangu · · Score: 2

      That's if a cop tries to get you to commit a crime you were unlikely to commit. If I hack a major security company and steal their source code blackmailing the company is going to be right there on the list next to "sell on black market."

      Are we now being judged by the crimes someone else believes we might commit?

      Having followed the alleged Anonymous hacks, the only thing they seem likely to do is to publish the data they got. A cop offering something to get them to do anything else is entrapment.

    17. Re:Cops set up FAILED exortion sting by Mister+Whirly · · Score: 2

      It would only be entrapment if they hadn't already obtained the data. Entrapment would be convincing them to break in and get the data for money before they had already done so. Asking someone to sell you something they have already taken isn't really entrapment seeing the crime has already been committed.

      --
      "But this one goes to 11!"
    18. Re:Cops set up FAILED exortion sting by Anonymous Coward · · Score: 1

      But... but surely Symantec and the FBI would NEVER resort to smear tactics. That's NEVER happened in the history of the FBI EVER!

    19. Re:Cops set up FAILED exortion sting by tonique · · Score: 1

      to a grandmother in a seniors home in Florida

      I wonder if its name happens to be Shady Pines.

    20. Re:Cops set up FAILED exortion sting by oztiks · · Score: 2

      Watching Catherine Zeta-jones flex around a bunch of lasers ... Yeah maybe I missed the definition myself

    21. Re:Cops set up FAILED exortion sting by tomthegeek · · Score: 2

      You wonder? I have far more reason to trust the hackers than Symantec at this point.

    22. Re:Cops set up FAILED exortion sting by Tsingi · · Score: 1

      Watching Catherine Zeta-jones flex around a bunch of lasers ... Yeah maybe I missed the definition myself

      Hmm, I haven't seen that.

      Shannon Elizabeth, Eliza Dushku, Ali Larter, Jennifer Smith

      Dressed in latex, about to flex around a bunch of lasers... http://www.imdb.com/media/rm1965725696/tt0261392

    23. Re:Cops set up FAILED exortion sting by postbigbang · · Score: 4, Insightful

      I believe that someone broke in and stole stuff from Symantec. I think that much is real. What did they steal? I don't think that we know the extent. Worse, I don't think Symantec knows, and that the extortion plot is possibly a ruse to save face on Symantec's part. Symantec and Verisign.... it seems like a potentially coordinated effort. I wish I could believe Symantec, but they've lied before and I feel they're untrustworthy. Does this mean that the facts are different than what they claim? For me, only third party verification of the claims will make me believe them. "Hacker communiques" are somewhat meaningless until someone coughs more code. I'm betting there's much more stuff stolen, but this is only a feeling.

      And I admit that Symantec might be submitting the facts. But I have to doubt it until the picture becomes clearer. The fact that they had no knowledge of the break-in means that other areas were also vulnerable, and they didn't know that. In an organization whose business is the best security, being breached successfully is tough to forgive. Add in the fact that they're still not sure of the extent, and it seems as though internal systems failure could have been rampant-- and maybe they'll never know, but would NEVER admit such a thing. Heads ought to roll there in a major way. Enrique leaves a negative legacy there....

      --
      ---- Teach Peace. It's Cheaper Than War.
    24. Re:Cops set up FAILED exortion sting by ArhcAngel · · Score: 2

      And until you hear directly from Anonymous that they did, in fact, pilfer the data, it's probably safer to assume it wasn't.

      Of course Symantec will BLAME Anonymous for their data breach...It makes them look more like they were maliciously hacked instead of completely incompetent.

      NOTICE!
      This post is full of sarcasm, innuendo, and tomfoolery.

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    25. Re:Cops set up FAILED exortion sting by tragedy · · Score: 2, Interesting

      If the source code was stolen for reasons other than extortion and the people who stole it are genuinely unlikely to commit extortion, then offering them money then turning around and claiming they're committing extortion is entrapment. Whether it is or isn't entrapment depends a lot on details that are currently secret, so all we can do is speculate.

    26. Re:Cops set up FAILED exortion sting by AJH16 · · Score: 3, Insightful

      Um, I know it is hard to RTFA, but perhaps you should RTFS.

      "Anonymous hackers began attempting to extort money from the company in mid-January, and it responded by contacting law enforcement,"

      In short, the hackers decided to try to extort Symantec and a police officer responded as if they were the executives. This is in no way entrapment and in no way reflects badly on the police at all. It was a perfectly reasonable attempt at tracking down the perpetrators. How successful it was or wasn't doesn't matter as a lot of law enforcement is trying different things until the criminals screw up. (And yes, the people that broke in to Symantec are criminals and don't deserve any respect or sympathy at all.)

      --
      AJ Henderson
    27. Re:Cops set up FAILED exortion sting by bughunter · · Score: 1

      When you're elderly, there's a lot of loose things worse than a loose wheelchair.

      --
      I can see the fnords!
    28. Re:Cops set up FAILED exortion sting by Anonymous Coward · · Score: 1

      Dunno where you're from, but at our HQ, we trace things with voice commands, a fullscreen progress bar, and lots of blinking leaky optic fibres.

    29. Re:Cops set up FAILED exortion sting by garyebickford · · Score: 1

      Up til now, extortion has never been their stated goal. The question is, if someone calling themselves 'Anonymous' hacks your servers, how do you know if it's the 'real' Anonymous or an impostor - or some rogue member(s) of the real Anonymous? After all, they are anonymous.

      Obviously, there's no way to tell - unless one maintains the belief/fantasy that nobody who's really a part of Anonymous would do that. Unless Anonymous is a much smaller collection (group implies too much) than we've been led to believe, even the 'members' have no way of knowing. It's happened many times before, IRL as well as in movies and books. I would say it's even likely that such a thing will occur, if it hasn't already.

      --
      It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
    30. Re:Cops set up FAILED exortion sting by Anonymous Coward · · Score: 1

      i dunno, the way i understand it is that you're not Anonymous if you behave in a way that's not in keeping with the ethics of Anonymous - if you break them then you are NOT by default, but if you keep them then you ARE, even if you don't know it.

      not that I know.

    31. Re:Cops set up FAILED exortion sting by oztiks · · Score: 1

      You're missing out on seeing the pioneer of laser-latex-flexing :)

    32. Re:Cops set up FAILED exortion sting by MidGe · · Score: 1

      "They already committed the crime. There is no entrapment here."

      They had committed one "crime" perhaps (presumption of innocence and whether there was a "crime: at all (a matter of opinion)) but not the one of attempted extortion.

    33. Re:Cops set up FAILED exortion sting by tragedy · · Score: 1

      They already committed the crimes involved in hacking in to get the code. That is a crime that they already committed. Extortion doesn't necessarily go along with that. It may well have been the intent, but that's something that has to be proven. If it isn't proven, then offering them money to comply with not releasing the code, then charging them with extortion after would be entrapment. Just using it as a trick to catch them, then just charging them with the crimes they had committed without it being suggested by law enforcement first would not be entrapment.

    34. Re:Cops set up FAILED exortion sting by LiENUS · · Score: 1

      I really don't want to know why your interface is all GUI

    35. Re:Cops set up FAILED exortion sting by chrish · · Score: 2

      Just send in a drone, then you don't need to worry about warrants or anything.

      --
      - chrish
    36. Re:Cops set up FAILED exortion sting by sander · · Score: 1

      Enticing them to sell it to you is entrapment as far as "sale of stolen property" is concerned.

  2. Some things I agree with, some I don't by Tyr07 · · Score: 1

    But either way it's still fun to watch what Anonymous gets up to ;)

    1. Re:Some things I agree with, some I don't by Theophany · · Score: 1

      You say fun, I say frightening.

    2. Re:Some things I agree with, some I don't by John+Napkintosh · · Score: 3, Insightful

      Frightening that Anonymous bothers to do it, or that they're actually successful?

      --

      Long signatures suck.
    3. Re:Some things I agree with, some I don't by Anonymous Coward · · Score: 1

      These little tidbits are much more interesting than their large scale DDoS attacks.

    4. Re:Some things I agree with, some I don't by Anonymous Coward · · Score: 1

      The internet has created a generation of sociopaths.

    5. Re:Some things I agree with, some I don't by Anonymous Coward · · Score: 1

      The internet has exposed a generation of sociopaths.

      FTFY. The sociopaths have always been around, it's just that now they have a venue where we can see them easily.

    6. Re:Some things I agree with, some I don't by Theophany · · Score: 2

      Definitely the latter. Whilst I can agree with some of their arguments, I can't help but worry that a collective risen up from the cesspool that is 4chan wields such power.

    7. Re:Some things I agree with, some I don't by NatasRevol · · Score: 4, Insightful

      I see it as the evil mirror reflection of what business & politics has risen up and wielded such power.

      --
      There are two types of people in the world: Those who crave closure
    8. Re:Some things I agree with, some I don't by Anonymous Coward · · Score: 1

      No, banks and politicians did that.

    9. Re:Some things I agree with, some I don't by geminidomino · · Score: 3, Funny

      now they have a venue where we can see them easily.

      They have for decades. It's just that C-SPAN was so fucking boring, nobody bothered.

    10. Re:Some things I agree with, some I don't by gparent · · Score: 3, Insightful

      The cesspool is you and me. They aren't any more dumb or smart than the individuals that compose them at any given time. Nothing is surprising about this unless you haven't been on the internet for a while.

    11. Re:Some things I agree with, some I don't by iamhassi · · Score: 3, Insightful

      Frightening if you're Big Brother. Seems Anonymous has been looking out for the little guy so far. I definitely wouldn't want to be a CEO of one of these evil megacorporations with Anonymous watching me.

      --
      my karma will be here long after I'm gone
    12. Re:Some things I agree with, some I don't by Opportunist · · Score: 4, Insightful

      I hold your frightening and raise you a "duh".

      If you spend at least a month in IT security you'll easily see why duh. When you decide for that path, well, at least when I decided, the goal was to make the systems of the companies I work for secure. Safe from hackers, secure against all kinds of attacks. That was the plan, that was the goal.

      Now, about 10 years into the business, the dream has faded. That's not what I do. What I do is writing guidelines and processes nobody reads or bothers to heed, ticking off checklists to be compliant with some law from the ancient days (i.e. any time more than a year ago in security) and generally trying to cover my ass for the moment when (not if, when) the shit hits the fan.

      Because secure, we are not. But we're compliant with about any security protocol or certificate you could name. From BS7799 to ISO27001, from NERC1300 to pretty much all of its CIP substandards. And some PCI-DSS on top. Audit us by any standard you please, free choice, we'll pass.

      Compliance != Security, though. It's better than nothing, I give you that. And some kind of standard has to be found or nothing will ever improve. The problem is that managers don't give half a shit about security. What they care about is the legal matter behind it. It's commendable that our lawmakers finally realized that companies that store important and private data should be forced to uphold some kind of security standard.

      If we could now get some security standards that deserve the name, we could start talking.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    13. Re:Some things I agree with, some I don't by gl4ss · · Score: 1

      anonymous hackers would be better to use than Anonymous.

      anonymous just meaning that they don't know who they are.

      --
      world was created 5 seconds before this post as it is.
    14. Re:Some things I agree with, some I don't by Hatta · · Score: 2

      Anonymous is us. Business and politics is the evil reflection.

      --
      Give me Classic Slashdot or give me death!
    15. Re:Some things I agree with, some I don't by g0bshiTe · · Score: 1

      Must be his first days on the web.

      --
      I am Bennett Haselton! I am Bennett Haselton!
    16. Re:Some things I agree with, some I don't by Opportunist · · Score: 2

      Bluntly, I prefer them doing it and shaming companies that don't give a shit about their security to the alternative, industrial espionage you don't notice 'til it's far too late.

      At least this way managers are pissing their pants and upping the security budget. No kidding, my budget skyrocketed this year.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    17. Re:Some things I agree with, some I don't by Dan541 · · Score: 2

      Seems Anonymous has been looking out for the little guy so far.

      Yes, by leaking their credit cards and personal information.

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    18. Re:Some things I agree with, some I don't by Tyr07 · · Score: 1

      If you haven't noticed a lot of 'scary' things in this world are considered fun. Ever seen sky diving or bungee jumping?

      I have many choices. I choose to be amused by it rather than scared of it, or indifferent to it. Life's too short to not to try and enjoy everything that happens.
      Some things are impossible, others don't directly affect me so I'll make do.

      Plus all I see usually are large greedy companies getting it stuck to them hard. I don't mind seeing that a bit. I consider our government like that too.

  3. If they were really extorting by guruevi · · Score: 4, Insightful

    They would've taken the money. More likely they "offered" money whether it was in a sting or not in order to be able to claim extortion and put the Anonymous hackers in a bad light.

    I don't think the hackers are interested in money as much as they are in the information. The fact is Symantec screwed up and they'll have to take it, if they can't protect themselves then why should we trust them?

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
    1. Re:If they were really extorting by Opportunist · · Score: 4, Insightful

      It's actually sad. The statements by the "criminals" are more believable and more likely true than the statements by the "serious company".

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:If they were really extorting by Moheeheeko · · Score: 5, Funny

      It's actually sad. The statements by the "criminals" are more believable

      You mean to tell me you believe Symantec?

    3. Re:If they were really extorting by artor3 · · Score: 3, Insightful

      I know that's what you want to believe, but read the emails. It's abundantly clear that they did want the money. The only reason they didn't get caught is because they refused to transfer the money in any way that might be traceable.

      Anonymous are not the white knights you imagine them. Anyone can "be" them, and that causes them to attract a lot of thugs and sociopaths.

    4. Re:If they were really extorting by Lashat · · Score: 1

      and $50,000 buys a lot of anonymity.

      --
      For every benefit you receive a tax is levied. - Ralph Waldo Emerson
    5. Re:If they were really extorting by artor3 · · Score: 2

      Most people, including in Anon, don't have contacts with the sort of people who'd pay for the code. They would be fearful of contacting an undercover cop, of getting rooked, or of getting in over their heads.

      Besides, I suspect they would have released the data whether they got paid or not. You know... "for the lulz."

    6. Re:If they were really extorting by garyebickford · · Score: 2

      Naah. Somewhere between $1,000,000 and $50,000,000 buys a lot of anonymity. $50,000 just gets you started, after which you will have to spend your life being creative, staying on the run, living in odd and uncomfortable places, and never again seeing anyone you are related to or ever knew.

      --
      It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
    7. Re:If they were really extorting by gmhowell · · Score: 1

      Most people, including in Anon, don't have contacts with the sort of people who'd pay for the code.

      Think of the characters in Office Space trying to find someone to launder some money.

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
    8. Re:If they were really extorting by Lashat · · Score: 1

      Ok. You win with the more money buys more arguement.

      However, (while not explicitly mentioned in my orginal post) I was thinking of servers and software type anonymity. Not fleeing the country and living large in a Swiss Chalet or Grand Cayman Bungalow with my family and 10 friends under assumed identities certified by the state government.

      --
      For every benefit you receive a tax is levied. - Ralph Waldo Emerson
  4. Extortion != Anonymous by Krazy+Kanuck · · Score: 1

    I do not recall, and quick search did not return any prior example of, anonymous extorting info/data for money. Why attach this now? To me it reads more like "Anonymous ignores bribes, cop sting failed". Granted there have been threats of various sorts, but I cannot recall there being a money sum attached to any of them.

    1. Re:Extortion != Anonymous by Opportunist · · Score: 1

      Anon wants nothing. Anon is nothing. Hell, do we really have to regurgitate the crap news casters spit out, lacking more (or any) information, especially if we should know better?

      Anonymous isn't more a coherent group than the "people who like garlic bread".

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Extortion != Anonymous by formfeed · · Score: 3, Funny

      Anonymous isn't more a coherent group than the "people who like garlic bread".

      It is much easier to determine who is a member of the second group. Plus the "people who like garlic bread" can't sneak up on you.

    3. Re:Extortion != Anonymous by jank1887 · · Score: 1

      hence he said "the entity Anon in that email"

    4. Re:Extortion != Anonymous by Tsingi · · Score: 1

      But to argue that the entity Anon in that email is doing anything other then extortion is absolute bullshit.

      Is that not how you would proceed if you wanted to do exactly what they did?

    5. Re:Extortion != Anonymous by noh8rz2 · · Score: 1

      Plus the "people who like garlic bread" can't sneak up on you.

      thank you for making me smile. I'd throw in a vampire joke, but it would be derivative.

  5. Extortion? by Saintwolf · · Score: 1

    The only extortion is the fact that you have to pay to not have software (That you already paid for) screwing up. On a serious note though, I didn't think Anonymous would ever be so stupid as to try and extort money from a big company. Execs would much rather see their family die than lose corporate profits.

    1. Re:Extortion? by Tsingi · · Score: 1

      I didn't think Anonymous would ever be so stupid as to try and extort money from a big company..

      They didn't try extortion, it was offered and declined.

    2. Re:Extortion? by Saintwolf · · Score: 1

      You're right, I completely misread.

  6. GPL violations? by vlm · · Score: 2

    Edited short version:

    .... Anonymous leaked ... the source code company's PCAnywhere program... Symantec has responded ... all the information the hackers have released... poses no threat to the company....

    Its like they're tempting the world to diff their source code up against GPLed prior art to find license violations. I think it would be hilarious if it turns out pcanywhere was just a wrapped version of one of the numerous GPLed VNC implementations or similar.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    1. Re:GPL violations? by WrongSizeGlass · · Score: 1
      Weel, it seems like Symantec isn't really telling the truth about PCAnywhere not posing a threat to its customers. A quote from this Feb 1, 2012 article:

      Last week, the company took the highly unusual step of telling pcAnywhere users to disable the program based on a 2006 source code leak and this month's claims by members of Anonymous that they were mining the stolen code for vulnerabilities.

      Symantec spokesman Brian Modena declined to declare the now-patched pcAnywhere as safe to use when asked that question multiple times, but hinted that the fixes the company has released were sufficient.

      So I guess that if you patched your version of PCAnywhere then you're safe according to Symantec.

    2. Re:GPL violations? by 0racle · · Score: 1

      Do you have any proof that there might be violations or are you just proposing that any large, successful software project must be infringing on GPL software?

      --
      "I use a Mac because I'm just better than you are."
    3. Re:GPL violations? by vlm · · Score: 1

      Do you have any proof that there might be violations or are you just proposing that any large, successful software project must be infringing on GPL software?

      Proposing that "no threat to the company" implies they somehow comb their code to find GPL violations (how?), or they don't check so they might well exist. Or they think they're big enough to ignore any legal issues that might exist, which is frankly most likely to be true.

      Its kind of pompous to declare someone elses code is no threat when you almost certainly have no idea if it is or not. That's what makes it hilarious if and/or when they're proven wrong.

      Its about as bad as publicly declaring a piece of code to be bug-free, that's like calling wolves to raw meat. Come and get it!

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  7. Amusing... by Omnifarious · · Score: 3, Interesting

    Of course, anybody who's dealt with Anonymous knows they will try to get you to promise to sell out your customers or otherwise act in a way that's in your interests and detrimental to the interests of everyone you claim to 'protect'. They've done this multiple times. If I were an Anonymous target I would never agree to such a scheme because all that would happen would be that the conversation be published to make me look bad.

    Of course, having it be a 'police sting operation' is a great way to make it look like you weren't really going to sell out your customers. And who knows, maybe it's even true. And maybe all that source code really is for 'old versions'.

    But, the really incriminating evidence would be if there were emails showing that Symantec has been sponsoring or encouraging virus writers in some way. And I'm certain if Anonymous had that kind of evidence that it would be out in the open by now. So that means they don't. And maybe Symantec isn't as much of a sleaze bag company as I expected them to be.

    --
    Need a Python, C++, Unix, Linux develop
    1. Re:Amusing... by Omnifarious · · Score: 2, Interesting

      As an aside, the only people who believe that Anonymous is after money are people who have already sold out their ethics. Generally a big part of their self-justification for having done so is that 'everybody does it', and so the idea that Anonymous is in it for anything but the money would induce major cognitive dissonance.

      The tactic of trying to get your target to believe you want to extort them is a fantastic tactic for discovering people who deserve the kind of publicity it generates when you publish their willingness (and oftentimes eagerness) to be extorted. Unfortunately, I think sometimes Anonymous tries a bit too hard at this and there have been a couple of people they really badgered about it who truly weren't interested in the deal.

      --
      Need a Python, C++, Unix, Linux develop
    2. Re:Amusing... by elsurexiste · · Score: 1

      But, the really incriminating evidence would be if there were emails showing that Symantec has been sponsoring or encouraging virus writers in some way. And I'm certain if Anonymous had that kind of evidence that it would be out in the open by now. So that means they don't. And maybe Symantec isn't as much of a sleaze bag company as I expected them to be.

      Do you really think that conspiracy is plausible? Just consider how much money there is to make by writing malware and, suddenly, Symantec doesn't have to get its hands dirty to have a running business.

      --
      I rarely respond to comments. Also, don't ask for clarifications: a brain and Google are faster, believe me!
    3. Re:Amusing... by noh8rz2 · · Score: 1

      From now on, I'll just use ad hominems at discussions.

      don't be a douche!

  8. 1.26 Gig? by Anonymous Coward · · Score: 1

    1.26 Gigabytes is one hell of a big virus. That's what Symantec make, right?

    1. Re:1.26 Gig? by Opportunist · · Score: 4, Interesting

      Let's see... grinds system to a halt, hard if not impossible to remove short of a reinstall, gives you no information what it actually does, contacts its maker and downloads code after sending god knows what...

      Yep. The pattern matches.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  9. should be public anyway by Dr.+Tom · · Score: 2, Interesting

    Security code should be open for review anyway, or it's probably full of bugs and worthless.

  10. Better option for the title by fibonacci8 · · Score: 5, Insightful

    Symantec and FBI attempt to patch security vulnerability with cash.

    --
    Inheritance is the sincerest form of nepotism.
    1. Re:Better option for the title by forkfail · · Score: 1

      Symantec Eschews Success Assaying Stingy Sting

      --
      Check your premises.
  11. Who gets paid? by bryansj · · Score: 3, Insightful

    How would they receive the $50K anyway? Split it up between all members who are supposed to be anonymous? Symantec/Police: Who do we make this check out to? Anonymous: Cash. Symantec/Police: Damn, foiled again!

    1. Re:Who gets paid? by noh8rz2 · · Score: 1

      there's a subgroup of people who are not anonymous to each other, at the very least pseudonymous. they split it amongst themselves, like a group of thieves. "anonymous" just means black-mask.It's not like when a thief steals from you he puts the money in the thief's guild bank.

    2. Re:Who gets paid? by The+Mister+Purple · · Score: 1

      "anonymous" just means black-mask.

      I thought the Guy Fawkes mask was mostly white?

      --
      "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." Feynman
  12. Umm... lemme get this story straight... by Opportunist · · Score: 1

    You offered Anon 50k as a ruse and they declined. After they tried to extort that very sum out of you.

    Yeah. Sure. I believe your story.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  13. Re:Who still buys Symantec? by Opportunist · · Score: 1

    Here's the business model of companies like Symantec:

    1. Pay to have a "demo" of your software on every new PC.
    2. Nag people who don't know how the hell to get rid of your crap into buying it.
    3. Profit!

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  14. I realize I'm taking this out of context by james_van · · Score: 2

    It adds that all the information the hackers have released, including a 2006 version of Norton Internet Security, is outdated and poses no threat to the company or its customers

    Let's be honest - even a 2012 version of Norton Internet Security is outdated. And yes, I realize the context of the quote is referring to customer data, but it had to be said.

    1. Re:I realize I'm taking this out of context by forkfail · · Score: 1

      Let's be honest - even a 2022 version of Norton Internet Security is outdated. And yes, I realize the context of the quote is referring to customer data, but it had to be said.

      FTFY.

      --
      Check your premises.
  15. Re:$50K is an insult by james_van · · Score: 1

    they could have made a hundred times that by selling the source code to a rival

    who would actually buy the norton internet security source code?

  16. Wow. Dumb. by DarthVain · · Score: 1

    As been pointed out already, this is a report of a FAILED sting. Which makes those doing the sting look stupid, and the hackers at least cautious.

    It also brings to light that a security company that sells software to prevent people from being hacked, got hacked, had source code stolen, and perhaps extorted for money to cover it up.

    I am not sure how you could possibly ruin your reputation any further than they have already done.

    1. Re:Wow. Dumb. by gl4ss · · Score: 1

      I am not sure how you could possibly ruin your reputation any further than they have already done.

      I'm not so sure that you're familiar with Symantecs nagware marketing method(of course they've already done that too but it's unrelated to this)

      --
      world was created 5 seconds before this post as it is.
    2. Re:Wow. Dumb. by DarthVain · · Score: 1

      Agreed, they didn't exactly have a shiny reputation before this.

      However if you only really do one thing, that you sell. Then you epically fail at it, to the point that its not even your customers that are getting owned, but your own company. Then Announce it to the world, "Hey look at us, we are a bunch of stupid idiots!"

      I can't see how this company even exists anymore. You can get FREE software that does a better job.

  17. Oh yawn by Viol8 · · Score: 1, Troll

    Give it a fscking rest with the moronic student "big business is eeeevil" groupthink. If you want real evil go visit somalia or join the taliban and watch some women being mutilated for not obeying some religious instruction. In the meantime stay in your playpen and let the adults have a proper discussion.

    1. Re:Oh yawn by NatasRevol · · Score: 2

      Wow, what a great argument. Other places are more evil. So business buying politicians isn't bad. And don't ever talk about one without saying other things are worse.

      And then you end with a 'grow up' charge.

      You didn't win anything on the debate team, did you?

      --
      There are two types of people in the world: Those who crave closure
    2. Re:Oh yawn by g0bshiTe · · Score: 1

      "Oh yawn" post brought to you by 4chan.

      --
      I am Bennett Haselton! I am Bennett Haselton!
    3. Re:Oh yawn by NatasRevol · · Score: 2

      Same dumb argument you used before. Somalia>corruption so not allowed to talk about corruption.

      Guess what? Corruption is evil. Maybe not Somalia evil, but still evil.
      Also, you don't get to judge what my definition of evil is.

      Apparently you haven't argued with too many people in the real world.

      --
      There are two types of people in the world: Those who crave closure
    4. Re:Oh yawn by h4rr4r · · Score: 2

      Self interest is the root of evil. Those people being mutilated happens because it is in the self interest of the mutilator. You are trying to argue shades of gray here.

    5. Re:Oh yawn by forkfail · · Score: 2

      Did it occur to you that maybe Somalia and Afghanistan didn't start out evil, but had to allow certain things to happen to become so?

      And that maybe we're allowing those same things to start happening here?

      --
      Check your premises.
    6. Re:Oh yawn by The+Mister+Purple · · Score: 2

      Agreed: if corporations were people, they'd be sociopaths.

      --
      "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." Feynman
    7. Re:Oh yawn by garyebickford · · Score: 2

      The unfortunate fact for those who want to vilify business, or any other group, is that just like any other group, only a very small percentage of that group actually does that stuff. The vast, vast majority of business people (both statistically and in my own mid-size experience over 40 years) try to do the right thing all the time. It's not always obvious what the right thing is, but they try. Most businesses would rather not mess with politics at all, and many donate token amounts of money to campaigns on both sides just to avoid the 'gentle' extortions that the Federal politicians and bureaucracy impose on them.

      Just like in every other field, the stuff you hear about in the news is there for two reasons: It's unusual (i.e. it is 'news'), and it is shocking/depraved/bleeding/evil/ or whatever other form of titillation the media think will sell. If it were really common, it wouldn't be in the news.

      A while back (1990s IIRC), the IRS did a line-by-line audit of a larger than usual number of small business owners - companies in the $5 million to $30 million range, just to see how much cheating was going on. Their finding was that the vast majority of said owners were paying an average of 5% more in taxes than they were required to, because it was less hassle and less risky to avoid taking questionable deductions.

      I've worked with corporate heads of Fortune 500 and Global 1000 companies as well, and the same is true there. Most, not all, are trying to do the right thing. Those who are willing to use shady means are often shunned because they can't be trusted within the organization either.

      --
      It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
    8. Re:Oh yawn by JabrTheHut · · Score: 1

      Nestle is responsible for more children's deaths in Africa than anything war has thrown at them. Let me guess, that's not evil, only good business?

      --
      Work like no one is watching. Dance like you've never been hurt. Make love like you don't need the money.
  18. PCAnywhere by nitehawk214 · · Score: 2

    Wait, people still use PCAnywhere?

    --
    I'm a good cook. I'm a fantastic eater. - Steven Brust
    1. Re:PCAnywhere by johnny+cashed · · Score: 1

      Just Anonymous

  19. Re:Anonymous by Mythran · · Score: 1

    I was going to be anonymous, then I took an arrow in the knee.

  20. That's not entrapment by abigsmurf · · Score: 5, Informative

    They had already committed the crime, the sting was to get them to give away their identity so they could be prosecuted for it. It's a legitimate tactic.

    1. Re:That's not entrapment by Tsingi · · Score: 1

      They had already committed the crime, the sting was to get them to give away their identity so they could be prosecuted for it. It's a legitimate tactic.

      Absolutely!

    2. Re:That's not entrapment by tragedy · · Score: 3, Interesting

      It is a legitimate tactic to find them. Whether or not it's entrapment depends on whether or not they would be charged with extortion on top of the other crimes afterwards and, if they were, whether or not there was any evidence that they actually intended extortion before being offered money (likely they would have to prove that they didn't intend it rather than the prosecution proving they did).

    3. Re:That's not entrapment by sixsixtysix · · Score: 1

      or sell the stolen car. isn't selling stolen goods also a crime?

      --
      ...
  21. $50,000 is laughable. by StoutFiles · · Score: 1

    If the money was a ruse, why not $5,000,000? No one will risk getting caught for a year's salary.

    1. Re:$50,000 is laughable. by The+Mister+Purple · · Score: 1

      That, or Dr. Evil is involved in Anonymous.

      --
      "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." Feynman
  22. Re:$50K is an insult by james_van · · Score: 1

    there is one - the norton removal tool. removing norton was such a nightmare that symantic realized that norton had essentially become a virus, ie: affects system performance, collects user information, regularly "calls home" to upload undisclosed user details and downloads code without asking for permission, restricts programs from running or accessing system resources, and is nightmarishly hard to get rid of. with the removal tool, its actually quite easy to get rid of though. i used to run a repair shop, and the simple act of removing norton and replacing it with just about any other anti-virus would have a dramatic effect on performance. the down side is that removing norton had a negative effect on repeat business. we would remove it, and put on avast in its place, and never see those customers again for a virus problem.

  23. Re:$50K is an insult by james_van · · Score: 1

    why would a thief pay for the security details of a facility when it's guarded by a blind guy, a narcoleptic, and an old guy who may actually be dead? they wouldn't. so why would blackhats shell out the money for the source code when the program is stupidly easy to get around?

  24. Well... by forkfail · · Score: 1

    ... if it wasn't the case before, it sure is now that as distasteful as payoffs may be, they are no longer going to be an option, even if they might have been the best possible option for some corporation/entity.

    --
    Check your premises.
  25. "Linked to Anonoymous" by alexborges · · Score: 2

    Do tell, oh nice Law Enforcement and Symantec Execs, what "links" this thieves with anonymous?

    --
    NO SIG
  26. Re:Who still buys Symantec? by The+Mister+Purple · · Score: 1

    It's a good business model for computer repair outfits/people as well.

    1. 1. Customer brings in infected computer.
    2. 2. Run ComboFix and Malwarebytes.
    3. 3. Suggest replacing Norton with something that works.
    4. 4. Get turned down with "But I still have three years left on my subscription!"
    5. 5. Charge $200.
    6. 6. Wait 6 months.
    7. 7. GOTO step 1.
    --
    "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." Feynman
  27. Re:$50K is an insult by The+Mister+Purple · · Score: 1

    Perversely, I was often happy that customers would cling to Norton. Bad for them, good for me. Part of the reason why I had to get out of consumer tech support.

    --
    "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." Feynman
  28. Re:Wait, this looks bad for anonymous, not Symante by The+Mister+Purple · · Score: 1

    Old code that required current customers to patch their current software in order to be secure.

    Wait, what?

    --
    "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." Feynman
  29. Why even care? by Kirth · · Score: 1

    The source is out there, so what? It's still protected by copyright, and most people won't be able to compile it.

    It's not like anyone can use it, apart from doing security-analysis and either sending symantec patches, or hacking their customers. And in that respect, it's not different than any open source software.

    (Well, of course, if you got a 10 year open source history, chances are your code is much better than if it gets accidentally released after years of bad practice. So this will hurt in the beginning; but pretty soon the quality will increase, either way...).

    --
    "The more prohibitions there are, The poorer the people will be" -- Lao Tse