News stories like this show how important software testing is for security. Software defects have the potential to cost a business far more than its reputation. Hackers can take advantage of software defects to blackmail businesses for financial gain. Here’s an example of this practice in real life from our guest blogger Alex Smith…
A group of hackers has attempted to blackmail security software company, Symantec in exchange for keeping stolen source code private.
The hackers released a batch of emails to the public that were sent from the FBI posing as Sam Thomas a representative of Symantec.
Officers from the FBI offered the hackers $50,000 or £32,000 in return for the stolen source code. Since negotiations have broken down more source code has been released which is obviously a major concern for Symantec and their customers.
Symantec have been working closely with the FBI after being contacted by the hackers in January.
Our Software Testing Training courses are all accredited to provide delegates with an industry recognised software testing qualification. Get a foot in the door of the software testing industry by learning the best practice approach through ISEB/ ISTQB courses.
It is believed that the hackers are affiliated with the Lords of Dharmaraja who are part of the hacking group Anonymous.
If this is true it is unusual as attacks from Anonymous are usually politically motivated instead of being use to hold companies to ransom. Last year the group threatened to shut down 60,000 Facebook servers.
In the series of emails the hackers are asked to make a statement to the public saying that the hack was a hoax.
Source code stolen
On Tuesday an account belonging to Anonymous revealed that over a GB of the Symantec source code from the PC Anywhere Software had been uploaded to the file sharing site, The Pirate Bay.
Symantec did not comment on this announcement but to be on the safe side they have provided advice for businesses using the PC Anywhere Software.
Risky business
After the January hack all users of PC Anywhere where told to stop using it where possible causing disruption for thousands of businesses.
PC Anywhere provides users with remote desktop and remote access services. Symantec have confirmed that the hackers stole the old source code but this has exposed weaknesses in the latest version of the software.
PC Anywhere was not the only software to be affected. Symantec also revealed that their Norton Antivirus Corporate Edition and Norton Internet Security has also been affected.
Despite this only PC Anywhere has been compromised, Symantec are releasing information and patches to help businesses deal with any security issues.
Difficult times
This obviously causes huge problems for Symantec who have built a reputation for providing security and anti-virus software.
This crisis is obviously going to damage the brand name among their customers. The most worrying issue is that most users of PC Anywhere are businesses exposing further risks to Symantec’s customers.
Symantec are not the first organisation to be targeted by Anonymous after attacking the American Department of Justice last year and most recently the Syria’s ministry of presidential affairs.
Alex Smith is an IT blogger with an avid interest in IT security services and security software.