Call it an attempted sting. A group of hackers claimed to possess source code for Symantec's pcAnywhere and Norton Antivirus software -- and wanted $50,000 in exchange for not leaking the code.
What the hackers didn't know was that it wasn't Symantec they were negotiating with in the e-mail exchange. Law enforcement officials acting as a Symantec employee were on the other side of the virtual communication.
The drama began in early January. That's when Symantec revealed that a segment of its source code for Norton products was stolen in a breach. An Indian hacking group called Lords of Dharmaraja claimed it got its hands on source code used in the Norton anti-virus program. The group later claimed affiliation with the "hacktivist" group Anonymous.
The lengthy e-mail exchange began Jan. 18, but in the end apparently no money changed hands and no arrests were made.
Reuters obtained some of the e-mails from the hacker group. One, from a fake Symantec employee "Sam Thomas," read: "We can't pay you $50,000 at once for the reasons we discussed previously. In exchange, you will make a public statement on behalf of your group that you lied about the hack."
But the hackers turned the tables on Symantec. YamaTough, a hacker affiliated with Lords of Dharmaraja, told Reuters, "We tricked them into offering us a bribe so we could humiliate them."
Lords of Dharmaraja already embarrassed Symantec in late January. The theft led Symantec to advise customers using pcAnywhere to disable the software. Symantec disclosed that the source-code theft appeared to be the result of a security breach that occurred in 2006. In order to avoid man-in-the-middle attacks, Symantec suggested clients stop using the software until a patch was ready.
Charles King, principal analyst at Pund-IT, called the Symantec drama an "ugly little story on every level." He said he expected to see more stories like this as hackers become increasingly sophisticated. As he sees it, even security companies are being forced to behave in a reactive rather than proactive manner.
Case in point: RSA. RSA's SecureID tokens were hacked last March. Hackers attacked RSA servers and walked off with they could use to compromise the security of two-factor authentication tokens that 40 million people used to access secure government and corporate networks.
Then it got worse. On June 2, RSA confirmed that data stolen from the company in March was used in an attempted attack on Lockheed Martin, a major U.S. government defense contractor. Lockheed reportedly thwarted the attack.
King said such attacks on security firms brought to mind Willie Sutton, a prolific U.S. bank robber who robbed about 100 banks from the late 1920s until his final capture in 1952. Once, when he was caught, someone asked him why he robbed banks. "That's where the money is," he replied.
"If you are a hacker and you want the crown jewels -- if security is an issue you are trying to dance around -- you hack the security company, because that's where the is," King said.