Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:04 PM
Connect Directly

Revenge: LulzSec Supporters Claim To Dump Symantec AV Source Code, Hack Vatican

Wave of high-profile retribution attacks in the wake of arrests of LulzSec hackers and its leader's secret work for the FBI -- and new developments with three of the suspects

Despite the shock that has rocked the LulzSec and Anonymous movement in the wake of the FBI's arrest of its leader and fellow members, the hacktivist group didn't waste much time in firing off retribution attacks. In its latest move, it claims to have posted Symantec's Norton AntiVirus 2006 source code online. The group also downed multiple Vatican websites last night.

A Symantec spokesperson says the company is aware of the supposed source-code posting -- which was made to The Pirate Bay -- and is investigating.

The hacker behind the apparent source-code dump, YamaTough, yesterday tweeted warnings that he would be leaking more from his Symantec code-theft spoils in response to reports of the arrest of LulzSec leader Sabu and five other hackers associated with the group's activities. YamaTough was apparently behind the posting online earlier this month of source code for Symantec’s pcAnywhere software. That led to Symantec warning its customers to upgrade pcAnywhere and to patch the software.

The apparent Symantec code-dump, as well as the DDoS attack on the Vatican, were on the heels of an attack on Panda Security.

Pedro Bustamante, senior research adviser in the office of the CTO at Panda Security, said the hackers accessed information for Panda marketing campaigns and "some obsolete credentials" for users who hadn't been with the company for more than five years.

Why the Catholic Church? A tweet from an Anonymous account claims it was for the "pure, simple lulz." But an AP report says Anonymous said it was in protest of the "corrupt Roman Apostolic Church" and in response to its "doctrine, to the liturgies, to the absurd and anachronistic concepts that your for-profit organization spreads around the world."

But a security expert says there's likely a connection to a recent report about a previously failed attempt by Anonymous to hack the Vatican. The report, released by Imperva last week, basically provided a study of how the attack was deflected and how the group was unable to finish the job. "The DDoS attack on the Vatican website may be a response to a recently published analysis by security company Imperva, which assisted the Vatican in defending against an unsuccessful hacking campaign, including an ineffective DDoS attack, by Anonymous last summer," said Neil Roiter, research director for Corero.

[A new report details an online assault launched in August by the hacktivist collective Anonymous that lasted for 25 days, and which was designed to disrupt a specific event. See Report Offers Insight Into Anonymous' M.O.. ]

The hacktivist underground was shaken this week by news that Sabu, who was identified by the FBI as Hector Xavier Monsegur, a.k.a. Sabu, Xavier DeLeon, and Leon, had pled guilty to 12 counts of computing hacking conspiracies and other crimes, including the infamous hacks of HBGary Federal, HBGary, Sony, Fox, and PBS, and had been working for the FBI since the summer as a double agent to help nab other members of LulzSec.

Along with Monsegur, Ryan Ackroyd, a.k.a. Kayla, lool, and lolspoon; Jake Davis, a.k.a. Topiary and Atopiary; Jeremy Hammond, a.k.a. Anarchaos, sup_g, burn, yohoho, POW, tylerknowsthis, and crediblethreat; Darren Martyn, a.k.a. pwnsauce, raepsauce, and networkkitten; and Donncha O'Cearrbhail, a.k.a. Palladium, were all charged with various computer crime offenses. Palladium appears to allegedly have been behind the leaked law enforcement conference call earlier this year that was intercepted by Anonymous, and was also charged in a separate complaint with "intentionally disclosing an unlawfully intercepted wire communication," according to the FBI.

HBGary, one of LulzSec's high-profile victims, called the arrests "good news." "We were appreciative of the hard work that a lot of FBI field offices put into [the case]," says Jim Butterworth, CSO of HBGary. "It wasn't a huge celebratory day [for us], but it was good news."

Butterworth says even with the high-profile arrests, Anonymous won't disappear by any means, nor will its activities. "This truly underscores that Anonymous is a brand name and anyone can step up" and use it, he says. "I don't believe we've heard the end of this."

Meanwhile, suspect Hammond, who is charged with allegedly hacking Stratfor, has a long history of activism. He was a featured speaker at DefCon12 in 2004, where he did a controversial talk on electronic civil disobedience rife with anarchist rhetoric that included invoking physical violence. He went by "CrimetheInc" and described himself as an anarchist hacker revolutionary and "an experienced political activist."

His talk elicited protests from the audience when he called for people to disrupt the Republican National Convention at Madison Square Garden, including shutting off power to Madison Square Garden and shutting down charter buses for the convention. "Let them call us terrorists: I'll still bomb their buildings," Hammond said towards the end of his session.

A DefCon official then stepped up to the podium and stated that the conference neither condoned nor associated with violent and illegal acts, and that in the eyes of law enforcement, these actions suggested by Hammond would be considered terrorism.

Meanwhile, the Associated Press reported yesterday that O'Cearrbhail, a.k.a. Palladium, had been released without charges by Irish police. This wasn't the first time he had been arrested and released for alleged hacking charges, either. According to the AP, Irish police are working on new evidence for prosecutors to use against him. Martyn already had been released and is in a similar situation, with new charges likely pending.

According to the AP article, it can take prosecutors months or years to determine whether to file charges, and the release of suspects is common.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
12/12/2012 | 6:04:59 PM
re: Revenge: LulzSec Supporters Claim To Dump Symantec AV Source Code, Hack Vatican
*****Please add me when you trust me,We will business good with all customer
Infor Contact Yahoo/Mail support 24/24:-

***Our Yahoo to support : Westernunion.black
***Mail to support - - -: [email protected]

- - -********THANKS YOU AND WELCOME ALL********
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Ransomware Damage Hit $11.5B in 2019
Dark Reading Staff 2/20/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-02-21
btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag.
PUBLISHED: 2020-02-21
Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
PUBLISHED: 2020-02-21
uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent hea...
PUBLISHED: 2020-02-20
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial produc...
PUBLISHED: 2020-02-20
The Trend Micro Security 2019 ( and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the ...