Revenge: LulzSec Supporters Claim To Dump Symantec AV Source Code, Hack Vatican

Wave of high-profile retribution attacks in the wake of arrests of LulzSec hackers and its leader's secret work for the FBI -- and new developments with three of the suspects


Despite the shock that has rocked the LulzSec and Anonymous movement in the wake of the FBI's arrest of its leader and fellow members, the hacktivist group didn't waste much time in firing off retribution attacks. In its latest move, it claims to have posted Symantec's Norton AntiVirus 2006 source code online. The group also downed multiple Vatican websites last night.

A Symantec spokesperson says the company is aware of the supposed source-code posting -- which was made to The Pirate Bay -- and is investigating.

The hacker behind the apparent source-code dump, YamaTough, yesterday tweeted warnings that he would be leaking more from his Symantec code-theft spoils in response to reports of the arrest of LulzSec leader Sabu and five other hackers associated with the group's activities. YamaTough was apparently behind the posting online earlier this month of source code for Symantec’s pcAnywhere software. That led to Symantec warning its customers to upgrade pcAnywhere and to patch the software.

The apparent Symantec code dump, as well as the DDoS attack on the Vatican, came on the heels of an attack on Panda Security.

Pedro Bustamante, senior research adviser in the office of the CTO at Panda Security, said the hackers accessed information for Panda marketing campaigns and "some obsolete credentials" for users who hadn't been with the company for more than five years.

Why the Catholic Church? A tweet from an Anonymous account claims it was for the "pure, simple lulz." But an AP report says Anonymous said it was in protest of the "corrupt Roman Apostolic Church" and in response to its "doctrine, to the liturgies, to the absurd and anachronistic concepts that your for-profit organization spreads around the world."

But a security expert says there's likely a connection to a recent report about a previously failed attempt by Anonymous to hack the Vatican. The report, released by Imperva last week, basically provided a study of how the attack was deflected and how the group was unable to finish the job. "The DDoS attack on the Vatican website may be a response to a recently published analysis by security company Imperva, which assisted the Vatican in defending against an unsuccessful hacking campaign, including an ineffective DDoS attack, by Anonymous last summer," said Neil Roiter, research director for Corero.

[A new report details an online assault launched in August by the hacktivist collective Anonymous that lasted for 25 days, and which was designed to disrupt a specific event. See Report Offers Insight Into Anonymous' M.O.]

The hacktivist underground was shaken this week by news that Sabu, who was identified by the FBI as Hector Xavier Monsegur, a.k.a. Sabu, Xavier DeLeon, and Leon, had pled guilty to 12 counts of computer hacking conspiracies and other crimes, including the infamous hacks of HBGary Federal, HBGary, Sony, Fox, and PBS, and had been working for the FBI since the summer as a double agent to help nab other members of LulzSec.

Along with Monsegur, Ryan Ackroyd, a.k.a. Kayla, lool, and lolspoon; Jake Davis, a.k.a. Topiary and Atopiary; Jeremy Hammond, a.k.a. Anarchaos, sup_g, burn, yohoho, POW, tylerknowsthis, and crediblethreat; Darren Martyn, a.k.a. pwnsauce, raepsauce, and networkkitten; and Donncha O'Cearrbhail, a.k.a. Palladium, were all charged with various computer crime offenses. Palladium is alleged to have been behind the leaked law enforcement conference call earlier this year that was intercepted by Anonymous, and was also charged in a separate complaint with "intentionally disclosing an unlawfully intercepted wire communication," according to the FBI.

HBGary, one of LulzSec's high-profile victims, called the arrests "good news." "We were appreciative of the hard work that a lot of FBI field offices put into [the case]," says Jim Butterworth, CSO of HBGary. "It wasn't a huge celebratory day [for us], but it was good news."

Butterworth says even with the high-profile arrests, Anonymous won't disappear by any means, nor will its activities. "This truly underscores that Anonymous is a brand name and anyone can step up" and use it, he says. "I don't believe we've heard the end of this."

Meanwhile, suspect Hammond, who is charged with allegedly hacking Stratfor, has a long history of activism. He was a featured speaker at DefCon12 in 2004, where he gave a controversial talk on electronic civil disobedience rife with anarchist rhetoric that included invoking physical violence. He went by "CrimetheInc" and described himself as an anarchist hacker revolutionary and "an experienced political activist."

His talk elicited protests from the audience when he called for people to disrupt the Republican National Convention at Madison Square Garden, including shutting off power to Madison Square Garden and shutting down charter buses for the convention. "Let them call us terrorists: I'll still bomb their buildings," Hammond said towards the end of his session.

A DefCon official then stepped up to the podium and stated that the conference neither condoned nor associated with violent and illegal acts, and that in the eyes of law enforcement, these actions suggested by Hammond would be considered terrorism.

Meanwhile, the Associated Press reported yesterday that O'Cearrbhail, a.k.a. Palladium, had been released without charges by Irish police. This wasn't the first time he had been arrested and released for alleged hacking charges, either. According to the AP, Irish police are working on new evidence for prosecutors to use against him. Martyn already had been released and is in a similar situation, with new charges likely pending.

According to the AP article, it can take prosecutors months or years to determine whether to file charges, and the release of suspects is common.


About the Author

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.
