Some time ago (almost two years) Symantec released a patch to their security software that began sending collected data from client systems to a data center near Washington D.C. The data center’s IPs were unlisted and even the trace route to the destination IPs began being blacked out four or five hops before the final firewall. This caused an uproar with many posts on Symantec’s website.  Symantec unfortunately chose to delete the posts and in some cases ban the user from the forums. As you can imagine this played into the hands of the conspiracy guys and the information even ended up on Above Top Secret one of the largest conspiracy websites out there. Symantec never came clean about the incident which only fueled the fire.

Now the stakes are higher and the actual source code for Symantec’s PCanywhere has been pushed out onto the internet for all to download. This means that this product is pretty much useless for a secure means to access your system. Once the un-compiled source code is out it would not take long before people begin to find holes for their own remote access or develop malware to exploit those same holes.

This morning a tweet from @AnonymousIRC contained links to the source code on The Pirate Bay and a Pastebin link that contains emails between the hacker Yamatough and Symantec.

The emails are interesting to read and at one point make an offer of paying $50,000 in installments to the hackers if they agree to lie about the hack. Symantec still maintains that this source code is from 2006 and that they have fixed any vulnerabilities that might have existed. Now that the cat is out of the bag we will see if Symantec is right. In the meantime Symantec claims that the email exchange was all part of an investigation and not an attempt to hide anything.

Discuss this in our Forum