Depending on who you talk to, Anonymous is either a righteous crusader out to expose corporate corruption by baiting a computer security company into offering it a bribe, or a vicious criminal syndicate using stolen data to extort money. As the story of how Norton Antivirus maker Symantec may have offered -- or may have been pressured into offering -- Anonymous money makes its way into the mainstream press on Tuesday, the latter version dominates. What started as another Anonymous prank to make a tech giant look bad now looks like either a very real extortion attempt or, at best, a PR stunt that blew up in the hackers' faces.
The whole thing started on Monday, when Anonymous posted on its Twitter account a link to a Pastebin posting that details a conversation apparently between a Symantec employee named Sam Thomas and a hacker named YamaTough, in which Thomas offers YamaTough $50,000 to keep him from releasing the PCAnywhere source code. A few hours later, the account @YourAnonNews posted a link to a torrent making the source code available. The damage was done, the code was out, and that's when the PR battle began.
Symantec, which has previously acknowledged hackers made off with some of its source code, said on Tuesday that Thomas was not an employee, but rather a member of law enforcement that the company called when it realized it was getting blackmailed by YamaTough. YamaTough's a part of the Indian hacking group Lords of Dharmaraja, which accessed Symantec's code in early January. He was working with Anonymous in this case. The emails in the Pastebin document show that he expected to get paid, and that "Thomas" wanted to pay him. One in which Thomas swears not to be FBI reads, in part:
We can't pay you $50,000 at once for the reasons we discussed previously. We can pay you $2,500 per month for the first three months. In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated). Once that's done, we will pay the rest of the $50,000 to your account and you can take it all out at once. That should solve your problem.
But as the story got picked up in the press over the course of the day, Symantec's own claim that the hack was an extortion attempt started making its way into the headlines: "Anonymous Hackers Tried to Blackmail Symantec," reported Fox News. Symantec says Hackers Tried Extortion," reported The New York Times Bits blog.
Why, we wondered, would Anonymous post the emails when they show Anonymous engaged in a pretty unsavory practice? The answer might be as simple as this: Symantec took them by surprise by coming out and telling reporters it was working with law enforcement in a sting operation, and Anonymous, for all their computer skills, was just not good enough at PR to counter that.
One problem with Anonymous's story: The emails posted to Pastebin don't go all the way back to the first messages. They start mid-conversation, so you can't tell who brought up the money first. The file's posted by a Pastebin user named SamThomas, so it seemed that maybe Symantec's law enforcement ally had posted the files himself. But no. Symantec told us that Anonymous had first posted the Pastebin documents, and that it first brought up the $50,000, too. Symantec spokesman Cris Paden wrote in an email:
Yesterday afternoon they tweeted that we tried to bribe them; then, to back that claim up, they posted the e-mail exchange; it was only after we responded via the media that they had been dealing with law enforcement all along and we never had any attention of acquiescing to their extortion demand – and it was clear they weren’t going to get any money – that they posted the pcAnywhere code around 9:30 p.m. Pacific time last night.
As the headlines reporting Anonymous's alleged extortion built up over the day, it tried to set the record straight via Twitter: "LOL!! press doesn't seem to understand #Symantec got trolled. Code was always set for public release since beginning," wrote the AnonymousIRC account. One prolific Anonymous member who goes by Sabu wrote frustratedly to reporter Steve Musil, "Fix your articles title. It should say: 'Symantec offers Hackers $50,000 in return for not releasing source code.'" Musil so far hasn't changed the headline on his CNET story: "Hackers wanted $50,000 to keep Symantec source code private."
The problem is, Anonymous isn't offering any additional evidence to back up its claims that Symantec tried to bribe it. That would mean publishing the first part of the email exchange, which it hasn't done. It ran into a similar problem when Anonymous splinter group Lulzsec tried to pin a similar bribery accusation on Unveillance in June, and got accused of extortion instead. Symantec hasn't offered any proof it's actually working with law enforcement, but claiming it's doing so suggests that at some point there'll be a whole bunch of proof as the case goes to prosecution -- or at least stops being a secret.
In the meantime, the law enforcement claim gives Symantec a reasonable excuse for keeping the alleged extortion attempt quiet. Paden wrote: "We didn’t disclose anything ourselves because the investigation was still going on. Of course we weren’t going to tell the world we were getting extorted; we did what you’re supposed to do – inform the authorities and follow their lead and experience in pursuing extortion cases. But when Anonymous posted the e-mails and accused us of bribery, we had no choice to but correct those claims by disclosing the investigation."
This article is from the archive of our partner The Wire.