Anonymous activists release PCAnywhere source code

An Anonymous-associated hacker says the source code is for Symantec's PCAnywhere remote access software, and the activist has threatened to publish code for Norton Antivirus 'within seven hours'

Anonymous activists have released source code for PCAnywhere onto the internet, hours after a hacker's negotiations for payment from Symantec broke down.

The code was posted on the Pirate Bay file-sharing website on Tuesday at around 5:40am, and the BitTorrent link was included in a post to the AnonymousIRC Twitter account, which has been used to publicise the activist group's claims in the past.

"Symantec has been lying to its customers. We exposed this point thus spreading the world that ppl need" - #AntiSec #Anonymous Spread and share!" said a statement accompanying the download link on Pirate Bay.

The security company told ZDNet UK the source code was bona fide on Tuesday.

"Symantec can confirm that the source code is legitimate," the company said. "It is part of the original cache of code for 2006 versions of the products that Anonymous has claimed to have been in possession during the last few weeks."

"Be advised, we also anticipate Anonymous to post the rest of the code they have claimed have in their possession. So far, they have posted code for the 2006 version of Norton Internet Security and PCAnywhere. We also anticipate that at some point, they will post the code for Norton Antivirus Corporate Edition and Norton Systemworks."

The appearance of the PCAnywhere code follows the failure of negotiations between a purported Symantec employee called 'Sam Thomas' and a hacker called 'YamaTough', who claimed to be a member of the Lords of Dhamaraja activist group, which is associated with Anonymous. In an email exchange posted on Pastebin, YamaTough appeared to be blackmailing Symantec for cash to destroy stolen source code, and the Symantec appeared to offer Yamatough $50,000 to do it.

However, the hacker claimed in a Tweet that he merely tricked Symantec into "offering a bribe", while the security company said the 'Sam Thomas' emails came from a fake account to investigate the "extortion" attempt.

"The communications with the person(s) attempting to extort the payment from Symantec were part of [a] law enforcement investigation," Symantec said in a statement on Monday. "Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide."

The email discussions between the two broke down on Monday at 10:46pm, and YamaTough said in a Tweet at around 11:45am on Tuesday that source code for Symantec's flagship Norton Antivirus would be released "in 7 hours".

YamaTough claims to have access to source code for PCAnywhere, Norton Antivirus, Norton Internet Security, Norton GoBack, Norton Utilities and Norton SystemWorks code, and has said that code is now up for sale.

Access to source code allows hackers to find vulnerabilities and write exploits more efficiently than reverse engineering. Last week Symantec said it had patched its PCAnywhere remote-access software to fix vulnerabilities in the remote access software after warning customers not to use older versions following the theft of code.

The PCAnywhere warning came after Lords of Dhamaraja claimed to have accessed Indian military intelligence servers and found the Symantec code, a claim that was later called into doubt. Symantec said the source code leak came from a 2006 hack.