Cops Set Up Extortion Sting On Symantec's Source Code Thieves

← Back to Stories (view on slashdot.org)

Cops Set Up Extortion Sting On Symantec's Source Code Thieves

Posted by timothy on Tuesday February 7, 2012 @03:11AM from the don't-worry-now-we're-telling-the-truth dept.

Sparrowvsrevolution writes "Hackers linked with Anonymous leaked another 1.26 gigabytes of Symantec's data Monday night, what they say is the source code company's PCAnywhere program. More interestingly, also posted a long private email conversation that seems to show a Symantec exec offering the hackers $50,000 to not leak the company's data and to publicly state they had lied about obtaining it. Symantec has responded by revealing that in fact, the $50,000 offer had been a ruse, and the 'Symantec exec' was actually a law enforcement agent trying to trace the hackers. It adds that all the information the hackers have released, including a 2006 version of Norton Internet Security, is outdated and poses no threat to the company or its customers. Symantec says the Anonymous hackers began attempting to extort money from the company in mid-January, and it responded by contacting law enforcement, though it won't comment on the results of the fake payoff sting while the investigation is still ongoing."

17 of 168 comments (clear)

Min score:

Reason:

Sort:

Cops set up FAILED exortion sting by elrous0 · 2012-02-07 03:13 · Score: 5, Insightful

FTFY

--
SJW: Someone who has run out of real oppression, and has to fake it.
1. Re:Cops set up FAILED exortion sting by Anonymous Coward · 2012-02-07 03:35 · Score: 5, Funny
  
  Cops set up FAILED exortion sting
  As a person who is involved in this case (I'm with the cyber-crime unit of the FBI), I can confidently tell you that we've narrowed down our search (based on IP addresses) to a grandmother in a seniors home in Florida.
  Little does she know that joining Anonymous does not make her Anonymous. As I write this, the government is in the process of seizing her assets. She thinks she's smart, but in the end she'll end up loosing everything, including her wheel chair.
2. Re:Cops set up FAILED exortion sting by iamhassi · 2012-02-07 03:44 · Score: 5, Interesting
  
  Why is Symantec acting like they fooled Anonymous? In the email it says "Say hi to FBI agents" and Symantec is like "We are not in contact with the FBI."
  
  Symantec fail.
  
  Title should be: Anonymous outsmarts Police, Symantec sting
  
  --
  my karma will be here long after I'm gone
3. Re:Cops set up FAILED exortion sting by Tsingi · 2012-02-07 03:53 · Score: 4, Funny
  
  Entrapment? I do not think it means what you think it means.
  What?
  Inconceivable.
4. Re:Cops set up FAILED exortion sting by Sir_Eptishous · 2012-02-07 03:55 · Score: 5, Funny
  
  And boy, there's nothing worse than a loose wheelchair!
  
  --
  We play the game with the bravery of being out of range
5. Re:Cops set up FAILED exortion sting by Tsingi · 2012-02-07 03:55 · Score: 4, Insightful
  
  Actually, after having read a portion of the emails, it wasn't anything close to entrapment.
6. Re:Cops set up FAILED exortion sting by Anonymous Coward · 2012-02-07 04:01 · Score: 5, Insightful
  
  I wouldn't really call it "entrapment." That's if a cop tries to get you to commit a crime you were unlikely to commit. If I hack a major security company and steal their source code blackmailing the company is going to be right there on the list next to "sell on black market." Plus, it's not extortion since the "Symantec Exec" offered the money first.
  Last I checked, the police are totally allowed to lie to suspects. Anything from "last night, your momma said you always were a bad kid" to "we have the smoking gun and it points at you and is covered with every type of DNA imaginable (which would also make you a gun pervert) and it matches to you. It also says you're late on your alimony. "
7. Re:Cops set up FAILED exortion sting by g0bshiTe · 2012-02-07 04:22 · Score: 4, Interesting
  
  I was more interested in the fact that Symantec is trying to make it look like Anonymous is into extortion, which from all reports has never been their goal.
  
  --
  I am Bennett Haselton! I am Bennett Haselton!
8. Re:Cops set up FAILED exortion sting by postbigbang · 2012-02-07 05:54 · Score: 4, Insightful
  
  I believe that someone broke in and stole stuff from Symantec. I think that much is real. What did they steal? I don't think that we know the extent. Worse, I don't think Symantec knows, and that the extortion plot is possibly a ruse to save face on Symantec's part. Symantec and Verisign.... it seems like a potentially coordinated effort. I wish I could believe Symantec, but they've lied before and I feel they're untrustworthy. Does this mean that the facts are different than what they claim? For me, only third party verification of the claims will make me believe them. "Hacker communiques" are somewhat meaningless until someone coughs more code. I'm betting there's much more stuff stolen, but this is only a feeling.
  And I admit that Symantec might be submitting the facts. But I have to doubt it until the picture becomes clearer. The fact that they had no knowledge of the break-in means that other areas were also vulnerable, and they didn't know that. In an organization whose business is the best security, being breached successfully is tough to forgive. Add in the fact that they're still not sure of the extent, and it seems as though internal systems failure could have been rampant-- and maybe they'll never know, but would NEVER admit such a thing. Heads ought to roll there in a major way. Enrique leaves a negative legacy there....
  
  --
  ---- Teach Peace. It's Cheaper Than War.
If they were really extorting by guruevi · 2012-02-07 03:17 · Score: 4, Insightful

They would've taken the money. More likely they "offered" money whether it was in a sting or not in order to be able to claim extortion and put the Anonymous hackers in a bad light.
I don't think the hackers are interested in money as much as they are in the information. The fact is Symantec screwed up and they'll have to take it, if they can't protect themselves then why should we trust them?

--
Custom electronics and digital signage for your business: www.evcircuits.com
1. Re:If they were really extorting by Opportunist · 2012-02-07 03:35 · Score: 4, Insightful
  
  It's actually sad. The statements by the "criminals" are more believable and more likely true than the statements by the "serious company".
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
2. Re:If they were really extorting by Moheeheeko · 2012-02-07 03:49 · Score: 5, Funny
  
  It's actually sad. The statements by the "criminals" are more believable
  You mean to tell me you believe Symantec?
Better option for the title by fibonacci8 · 2012-02-07 03:33 · Score: 5, Insightful

Symantec and FBI attempt to patch security vulnerability with cash.

--
Inheritance is the sincerest form of nepotism.
Re:Some things I agree with, some I don't by NatasRevol · 2012-02-07 03:34 · Score: 4, Insightful

I see it as the evil mirror reflection of what business & politics has risen up and wielded such power.

--
There are two types of people in the world: Those who crave closure
Re:1.26 Gig? by Opportunist · 2012-02-07 03:43 · Score: 4, Interesting

Let's see... grinds system to a halt, hard if not impossible to remove short of a reinstall, gives you no information what it actually does, contacts its maker and downloads code after sending god knows what...
Yep. The pattern matches.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Re:Some things I agree with, some I don't by Opportunist · 2012-02-07 03:55 · Score: 4, Insightful

I hold your frightening and raise you a "duh".
If you spend at least a month in IT security you'll easily see why duh. When you decide for that path, well, at least when I decided, the goal was to make the systems of the companies I work for secure. Safe from hackers, secure against all kinds of attacks. That was the plan, that was the goal.
Now, about 10 years into the business, the dream has faded. That's not what I do. What I do is writing guidelines and processes nobody reads or bothers to heed, ticking off checklists to be compliant with some law from the ancient days (i.e. any time more than a year ago in security) and generally trying to cover my ass for the moment when (not if, when) the shit hits the fan.
Because secure, we are not. But we're compliant with about any security protocol or certificate you could name. From BS7799 to ISO27001, from NERC1300 to pretty much all of its CIP substandards. And some PCI-DSS on top. Audit us by any standard you please, free choice, we'll pass.
Compliance != Security, though. It's better than nothing, I give you that. And some kind of standard has to be found or nothing will ever improve. The problem is that managers don't give half a shit about security. What they care about is the legal matter behind it. It's commendable that our lawmakers finally realized that companies that store important and private data should be forced to uphold some kind of security standard.
If we could now get some security standards that deserve the name, we could start talking.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
That's not entrapment by abigsmurf · 2012-02-07 04:22 · Score: 5, Informative

They had already committed the crime, the sting was to get them to give away their identity so they could be prosecuted for it. It's a legitimate tactic.