Krypt3ia

Look It’s A Birdie!

Ok, so everyone is all over this YamaTough extortion/bribery/leakage thing but I have not seen anything really about the elephant in the room. Everyone is all over the fact that the code has been leaked, that a faux Indian twitter acct is boasting all the time about being smarter than everyone, and that Symantec is full of shit trying to catch them/him in an extortion scheme by posting pastebin’s of email encounters by the players.

*blink*

Ummm… So… Yeah, uhhh.. the hack that the code came from was back in 2006 right? So, tell me.. Where has it been lo’ these many years? Who had it? Who hacked Symantec in the first place?

*Anyone?… Anyone?… Bueller?*

Bait and Switch

So Yama had some code that was probably given to him/them by “someone” recently to be used in any way they like. Yama and the skidz then decide to release that data to the world and attempt to shame Symantec (a company btw probably on the AntiSec hit list) and sow FUD about their already quite shitty (trust me) AV systems.

Hrmmmm…

Ok, well, the code is in the open now… OH NOES! But wait… What’s that niggling little voice yelling in the background?

Oh yeah.. SYMANTEC WAS COMPROMISED IN 2006!

So once again, I ask you.. Where has that code been all this time that Symantec had no idea it had been taken? Oh, and also, if they did not know they were hacked in 2006, what makes you all think that the rest of their code over the years has not been in the hands of those who hacked it back in 06?

*Do you see where I am going with this? Think chess here…*

Those who have had access likely were the types to either be nation state.. OR.. Selling the access to nation state actors. Who else would keep this quiet for soooo long huh? I mean all of you out there in the know, do you remember anyone spilling the beans that the source for Symantec was available? Personally, I think that the malware dev’s out there chose the BIGGEST target for AV (and we all know just how popular Symantec is don’t we?) and hacked it discreetly to gain access to code and develop malware that would avoid NAV altogether right?

Hello Mr. Elephant…

Seeing the Trees for the Forest

So, unless the facts are much more convoluted here and that there is a lot of lying going on (well, there is but you know, base facts here) then this stuff has been in the hands of someone.. Someone who probably did naughty things with it (Chairman Meow maybe? or Ol’ Pooty Poot?.. Or.. Ooh Israel perhaps?) Haven’t you all wondered about just how much malware lately seems to be able to switch off NAV altogether? Place itself in the whitelist area?

Yeah…

Meh, maybe it’s just me and my tinfoil hat paranoid tendencies eh?

Say… Isn’t that elephant’s trunk rooting around in Symantecs pocket?

Look at the birdie! Look at the birdie! LOOK AT THE GOD DAMNED BIRDIE!

K.