An Anonymous hacker tried to use stolen source codes to extort $50,000 from antivirus firm Symantec. Turned out it was a law enforcement sting. Now Anonymous is in spin mode, claiming the hacker was trying to raise money for poor kids in India.
The source code for some popular Symantec products, including pcAnywhere and Norton Antivrus, ended up in the hands of an Indian-based hacker named Yamatough, a member of the Anonymous-affiliated group the Lords of Dharamaja. This is a big deal, since the source code can give hackers a map to dangerous vulnerabilities.
But Yamatough graciously offered to keep the source code quiet—for a price. Over the past few weeks, he'd been negotiating with what he thought was a Symantec employee named "Sam Thomas." It was actually a law enforcement agent, according to Symantec. On January 25th, Yamatough reiterated his deal to Thomas:
We have a rule - and we always follow it:
If you are the owner - you have the right to be the first one
asked. That is why we kept silent at the time of negotiating with
?How much do you consider ENOUGH to pay us in order to
work all the issues out?
Name the price,
(You can read the full e-mail negotiations chain on Pastebin.)
Eventually they agreed on $50,000. But negotiations fell through yesterday, and Yamatough started releasing his source code last night.
In the email thread, Yamatough comes off looking like a common criminal trying to pawn off stolen goods, not a hacktivist crusading for freedom of information, as is Anonymous' typical mode. But instead of distancing themselves, the Anonymous apparatus has been conducting a Twitter-based PR campaign that is astonishing in its brazen absurdity.
The semi-official AnonymousIRC twitter argued Yamatough was just trying to raise funds for the Smile Foundation, a charity that benefits poor children in India.
"Tried to get Symantec donating to [The India Smile Foundation]. They didn't," AnonymousIRC tweeted.
Apparently nobody was dumb enough to believe that. Now AnonymousIRC claims it was never about money; Yamatough was just trolling Symantec.
"LOL!! press doesn't seem to understand #Symantec got trolled. Code was always set for public release since beginning."
Or as Yamatough told Reuters: "We tricked them into offering us a bribe so we could humiliate them."
This is pretty hard to believe, considering Yamatough negotiated over money for nearly a month, including working out such details as whether to use PayPal or Liberty Reserve to send the money. And Yamtough is a proven liar, having previously released fake Indian intelligence agency documents.
Trying to make money off of stolen data is one thing; common cybercriminals do that all the time. But it's depressing that Anonymous, which still holds a modicum of moral authority online, would try to so stupidly justify Yamatough's greed. Though Anonymous' recent digital bullshit suggests it might have given up on any high-minded ideals: Leaking the personal information of sexual assault victims and a Bradley Manning supporter, tricking bystanders into attacking websites, etc.