Revenge: LulzSec Supporters Claim To Dump Symantec AV Source Code, Hack Vatican

Wave of high-profile retribution attacks in the wake of arrests of LulzSec hackers and its leader's secret work for the FBI -- and new developments with three of the suspects

Despite the shock that has rocked the LulzSec and Anonymous movement in the wake of the FBI's arrest of its leader and fellow members, the hacktivist group didn't waste much time in firing off retribution attacks. In its latest move, it claims to have posted Symantec's Norton AntiVirus 2006 source code online. The group also downed multiple Vatican websites last night.

A Symantec spokesperson says the company is aware of the supposed source-code posting -- which was made to The Pirate Bay -- and is investigating.

The hacker behind the apparent source-code dump, YamaTough, yesterday tweeted warnings that he would be leaking more from his Symantec code-theft spoils in response to reports of the arrest of LulzSec leader Sabu and five other hackers associated with the group's activities. YamaTough was apparently behind the posting online earlier this month of source code for Symantec’s pcAnywhere software. That led to Symantec warning its customers to upgrade pcAnywhere and to patch the software.

The apparent Symantec code-dump, as well as the DDoS attack on the Vatican, were on the heels of an attack on Panda Security.

Pedro Bustamante, senior research adviser in the office of the CTO at Panda Security, said the hackers accessed information for Panda marketing campaigns and "some obsolete credentials" for users who hadn't been with the company for more than five years.

Why the Catholic Church? A tweet from an Anonymous account claims it was for the "pure, simple lulz." But an AP report says Anonymous said it was in protest of the "corrupt Roman Apostolic Church" and in response to its "doctrine, to the liturgies, to the absurd and anachronistic concepts that your for-profit organization spreads around the world."

But a security expert says there's likely a connection to a recent report about a previously failed attempt by Anonymous to hack the Vatican. The report, released by Imperva last week, basically provided a study of how the attack was deflected and how the group was unable to finish the job. "The DDoS attack on the Vatican website may be a response to a recently published analysis by security company Imperva, which assisted the Vatican in defending against an unsuccessful hacking campaign, including an ineffective DDoS attack, by Anonymous last summer," said Neil Roiter, research director for Corero.

[A new report details an online assault launched in August by the hacktivist collective Anonymous that lasted for 25 days, and which was designed to disrupt a specific event. See Report Offers Insight Into Anonymous' M.O.]

The hacktivist underground was shaken this week by news that Sabu, who was identified by the FBI as Hector Xavier Monsegur, a.k.a. Sabu, Xavier DeLeon, and Leon, had pled guilty to 12 counts of computer hacking conspiracies and other crimes, including the infamous hacks of HBGary Federal, HBGary, Sony, Fox, and PBS, and had been working for the FBI since the summer as a double agent to help nab other members of LulzSec.

Along with Monsegur, Ryan Ackroyd, a.k.a. Kayla, lool, and lolspoon; Jake Davis, a.k.a. Topiary and Atopiary; Jeremy Hammond, a.k.a. Anarchaos, sup_g, burn, yohoho, POW, tylerknowsthis, and crediblethreat; Darren Martyn, a.k.a. pwnsauce, raepsauce, and networkkitten; and Donncha O'Cearrbhail, a.k.a. Palladium, were all charged with various computer crime offenses. Palladium appears to allegedly have been behind the leaked law enforcement conference call earlier this year that was intercepted by Anonymous, and was also charged in a separate complaint with "intentionally disclosing an unlawfully intercepted wire communication," according to the FBI.

HBGary, one of LulzSec's high-profile victims, called the arrests "good news." "We were appreciative of the hard work that a lot of FBI field offices put into [the case]," says Jim Butterworth, CSO of HBGary. "It wasn't a huge celebratory day [for us], but it was good news."

Butterworth says even with the high-profile arrests, Anonymous won't disappear by any means, nor will its activities. "This truly underscores that Anonymous is a brand name and anyone can step up" and use it, he says. "I don't believe we've heard the end of this."

Meanwhile, suspect Hammond, who is charged with allegedly hacking Stratfor, has a long history of activism. He was a featured speaker at DefCon12 in 2004, where he did a controversial talk on electronic civil disobedience rife with anarchist rhetoric that included invoking physical violence. He went by "CrimetheInc" and described himself as an anarchist hacker revolutionary and "an experienced political activist."

His talk elicited protests from the audience when he called for people to disrupt the Republican National Convention at Madison Square Garden, including shutting off power to Madison Square Garden and shutting down charter buses for the convention. "Let them call us terrorists: I'll still bomb their buildings," Hammond said towards the end of his session.

A DefCon official then stepped up to the podium and stated that the conference neither condoned nor associated with violent and illegal acts, and that in the eyes of law enforcement, these actions suggested by Hammond would be considered terrorism.

Meanwhile, the Associated Press reported yesterday that O'Cearrbhail, a.k.a. Palladium, had been released without charges by Irish police. This wasn't the first time he had been arrested and released for alleged hacking charges, either. According to the AP, Irish police are working on new evidence for prosecutors to use against him. Martyn already had been released and is in a similar situation, with new charges likely pending.

According to the AP article, it can take prosecutors months or years to determine whether to file charges, and the release of suspects is common.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...