PC Anywhere Code Leaked After Failed Ransom Bid

Hackers have published source code that could be used to hack computers running Symantec's security program PCAnywhere. The move comes after the security firm refused to meet the hackers' demand for $50,000 in ransom.

As we reported last month, the code behind a range of Symantec products was originally stolen in 2006. It appears most likely the theft came after Indian military officials demanded access to the code before accepting it for official use.

Symantec may have learned of the theft only after hackers revealed they had it, earlier this year.

Symantec said in January that several applications were affected, but deemed the outdated code no security threat. It warned users of PCAnywhere, however, to disable the program wherever possible and await an overhauled edition.

The company said it feared hackers might follow through on their threat to publish the code, thus vastly increasing the chances of attempts to breach the software's security and the systems of those using it.

PC Anywhere Code Now Public

The hackers have now shared the software's source code via the BitTorrent system, with links published on several sites, including The Pirate Bay.

While only a few hundred people appear to have downloaded the code, so far, that's still a worrying number for Symantec. (Source: wired.com)

Fortunately, Symantec believes security patches it released last week are sufficient to prevent the leaked code from leading to any devastating effects. It now says customers can use PCAnywhere as long as they make sure to apply all of the latest security patches.

Hacker Tricked By Undercover Cop

Symantec has also revealed that a hacker attempted to extort $50,000 from it in exchange for keeping the source code from leaking online.

The hacker engaged in a series of email exchanges with what appeared to be a Symantec employee but was actually a law enforcement official posing as a company representative.

It appears the company never had any intention of paying a ransom, and its participation in the email exchange was merely a ruse to increase the chances of uncovering the hacker's identity. (Source: computerworld.com)

The hacker also threatened to publish the code for Norton Antivirus, though Symantec does not believe this code poses an active risk to the program's users.