On Monday, details emerged of what appeared to be an email exchange between a Symantec employee and a hacker using the alias “YamaTough” who claimed he was in possession of Symantec source code back in January, showing that the hacker may have attempted to extort the company, and that Symantec had been negotiating a deal to pay the hacker in exchange for the code not to be released. The exchange, however, was not between Symantec and the hacker, but between law enforcement and the hacker, Symantec tells SecurityWeek.
According to Chris Paden, Senior Manager, Corporate Communications at Symantec, the e-mail string posted by Anonymous was actually between them and a fake e-mail address set up by law enforcement.
“Anonymous actually reached out to us, first, saying that if we provided them with money, they would not post any more source code,” Paden told SecurityWeek. “At that point, given that it was a clear cut case of extortion, we contacted law enforcement and turned the investigation over to them.”
The email exchange (pasted below), showed several strings of discussions, and what appeared to be a “deal” in which Symantec would pay the hacker $50,000 over a period of time, assuming the hacker held his end of the bargain.
After a special email account was supposedly setup in order to protect its network from the hacker, “Sam Thomas”, a law enforcement agent appearing to be a Symantec Employee, made the following offer: “We can’t pay you $50,000 at once for the reasons we discussed previously. We can pay you $2,500 per month for the first three months. In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated). Once that’s done, we will pay the rest of the $50,000 to your account and you can take it all out at once. That should solve your problem.”
After the initial email communication, all subsequent communications were actually between Anonymous and law enforcement agents – not Symantec, Paden Said. The full exchange is below.
Paden also provided the following statement on the incident to SecurityWeek:
“In January an individual claiming to be part of the ‘Anonymous’ group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.”
“This was all part of their investigative techniques for these types of incidents,” Paden added.
On January 6, 2011, Symantec confirmed with SecurityWeek that source code for Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 had been accessed by an attacker. Following that, on January 18, 2011, Symantec acknowledged that source code for older versions of its Norton security products did in fact leak out.
Since the talks broke down and no deal was made, Anonymous hinted that more Symantec source code would be released. “#Symantec software source codes to be released soon. stay tuned folks!!! #Anonymous #AntiSec #CockCrashed #NortonAV” the @AnonymousIRC account Tweeted late Monday.
Late Monday night, source code to Symantec’s pcAnywhere was reportedly released as well. Symantec has not yet confirmed or denied the claims, but said it is currently analyzing the files. Based on previous claims and patterns, it’s likely that the hackers claims hold true and that the code has been accessed.
The email exchange between the hacker and what appears to be a Symantec employee, but is actually law enforcement, is as follows:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Return-Path:
Received: from [208.84.242.70] by dresden.tpn.terra.com (LMTP); Mon, 06 Feb 2012
22:46:44 +0000 (UTC)
X-RP-Score: 97
X-Terra-Karma: -2%
X-Terra-Hash: 20e97f0beec48fe7d7f342c6235ad3dd
Received-SPF: pass (10f.tpn.terra.com: domain of gmail.com designates 209.85.214.175 as
permitted sender) client-ip=209.85.214.175;
envelope-from=sam.thomas.sym@gmail.com;
helo=mail-tul01m020-f175.google.com;
Received: from mail-tul01m020-f175.google.com (mail-tul01m020-f175.google.com
[209.85.214.175])
by 10f.tpn.terra.com (Postfix) with ESMTP id 0A2F34800009F
for ; Mon, 6 Feb 2012 22:46:44 +0000 (UTC)
Received: by obhx4 with SMTP id x4so8224794obh.6 for ;
Mon, 06 Feb 2012 14:46:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type; bh=23/wf8nVOU5hENAb5VDUJ5t3n3E3TgXa4ItZ5HLWl2A=;
b=E8ofKWBV1EC7n6PKCg0xabZy+G0pW28Aq0KFmAvLcbZBv2SOU2epuBi5s48YFXaahm
+0PqqZzgXKV8KMXNs8YmrdcLTdsw3nGwjP5Rr+SIxAwKfm90hguwGwOkKWFZOi5dGmNP
RMYPsKcRROHu7A03mdsGU0gOlbEJ6q248kZI0=
Received: by 10.182.182.69 with SMTP id ec5mr3656893obc.48.1328568403814; Mon, 06 Feb
2012 14:46:43 -0800 (PST)
Received: by 10.182.54.52 with HTTP; Mon, 6 Feb 2012 14:46:43 -0800 (PST)
In-Reply-To:
References:
Date: Mon, 6 Feb 2012 14:46:43 -0800
Message-ID:
Subject: Re: 10 minutes
From: Sam Thomas
To: yamatough
X-CLX-Rate-Response: fi=10.235.200.247:2001; rg=B; GT=1425764651; fs=1002; ns=115;
id=a123GLF9Z2_Q0VH-162246i7; rv=6463/208.84.242.247:14051; ts=GZfzv; gv=77;
fp=BIgEA; fu=B; fl=HAA; ip=209.85.214.175; he=DTfqBJKT+eL; ht=1;
ho=Kg3MSjO4MvO; hd=IyIAQ9rT0ut; hf=HPIWFTaVB36; hF=FtwWVwyi38v;
hj=OgPcsB9PfVh; hr=PS19+PXxWZ4; ZM=BmG9FbYlJS6; ZB=P9m2Rw1pwUC;
ZB=E+kXCy56DYf; ZB=MLnR63lUpB+; ZB=IwYAvgXVvTE; ZB=tNJE9XQMt+;
ZF=GWmuk3qhgFc;
X-CLX-ID: a123GLF9Z2_Q0VH-162246i7
X-Abaca-Spam: 1002
Content-Type: multipart/alternative; boundary=14dae939954fc4eab904b8536fe2
X-Terra-Spam: No
X-Terra-AV: Clam AntiVirus/0.97/13554
X-Terra-Rec-Key: eWFtYXRvdWdoQHRlcnJhLmNvbS52ZQ==
MIME-Version: 1.0
Status: O
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sam Thomas
yamatough
07 February 2012, 02:46:43
10 minutes
html
–====—-====—-====—-====—-====—-====—-====—-====—-====—-===–
We can’t make a decision in ten minutes. We need more time.
2012/2/6 yamatough
Since no code yet being released
and our email communication wasnt also released
we give you 10 minutes to decide which way you go
after that two of your codes fly to the moon PCAnywhere and Norton
Antivirus totaling 2350MB in size (rar)
10 minutes if no reply from you we consider it a START
this time we’ve made mirrors so it will be hard for you to get rid of
it
Mensaje verificado por el Antispam Terra.
Esta mensagem foi verificada pelo E-mail Protegido.
Este mensaje ha sido verificado por el E-mail Protegido.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Return-Path:
Received: from [208.84.242.70] by betune.tpn.terra.com (LMTP); Mon, 06 Feb 2012
20:13:42 +0000 (UTC)
X-RP-Score: 97
X-Terra-Karma: -2%
X-Terra-Hash: 99ba319117ba4a5e12cf5f9f8673a7d9
Received-SPF: pass (10f.tpn.terra.com: domain of gmail.com designates 209.85.214.175 as
permitted sender) client-ip=209.85.214.175;
envelope-from=sam.thomas.sym@gmail.com;
helo=mail-tul01m020-f175.google.com;
Received: from mail-tul01m020-f175.google.com (mail-tul01m020-f175.google.com
[209.85.214.175])
by 10f.tpn.terra.com (Postfix) with ESMTP id 5900048001FDF
for ; Mon, 6 Feb 2012 20:13:42 +0000 (UTC)
Received: by obhx4 with SMTP id x4so8021342obh.6 for ;
Mon, 06 Feb 2012 12:13:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type; bh=EErmYZ/ucUVxwKL533xdeuqK0BPTRY3KWGbKqTC7ypY=;
b=ICoNCvsphPlr7kjrVRyP72fn0xV5gnagWS3h2iM1JOXZA1umF89qFbmeytSV5kWKkv
arb76A5ycS3yF0LoOiU0to740rleCdEX7zufChNPfkuIPF+jnhd7x0CNsIInMgLlOD8D
5K1qyEls5yuHPGpinWTDMmrJtxCGZq7jBNix0=
Received: by 10.182.15.105 with SMTP id w9mr18007067obc.18.1328559222130; Mon, 06 Feb
2012 12:13:42 -0800 (PST)
Received: by 10.182.54.52 with HTTP; Mon, 6 Feb 2012 12:13:42 -0800 (PST)
In-Reply-To:
References:
Date: Mon, 6 Feb 2012 12:13:42 -0800
Message-ID:
Subject: Re: ?
From: Sam Thomas
To: yamatough
X-CLX-Rate-Response: fi=10.235.200.247:2001; rg=B; GT=1423564146; fs=1002; ns=108;
id=a123GLF9Z2_Q0VH-162013gg; rv=6463/208.84.242.247:14051; ts=GZdkR; gv=81;
fp=IgUA; fu=B; fl=HAA; ip=209.85.214.175; he=DTfqBJKT+eL; ht=1;
ho=Kg3MSjO4MvO; hd=IyIAQ9rT0ut; hf=HPIWFTaVB36; hF=FtwWVwyi38v;
hj=X5OEYEeuyT; hr=PS19+PXxWZ4; ZM=BmG9FbYlJS6; ZB=I6W0DC9w0vf;
ZB=GJnJYx9dHi; ZB=JC7SQxsoT/F; ZB=BZ2mSxiXhuW; ZB=Bm4Vi51W7yh;
ZF=GWmuk3qhgFc;
X-CLX-ID: a123GLF9Z2_Q0VH-162013gg
X-Abaca-Spam: 1002
Content-Type: multipart/alternative; boundary=f46d0447f2d87f871104b8514c16
X-Terra-AV: Clam AntiVirus/0.97/13555
X-Terra-Rec-Key: eWFtYXRvdWdoQHRlcnJhLmNvbS52ZQ==
MIME-Version: 1.0
Status: O
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sam Thomas
yamatough
07 February 2012, 00:13:42
?
html
–====—-====—-====—-====—-====—-====—-====—-====—-====—-===–
We’ve looked into Liberty reserve and offshore accounts. These options wont work. We want to protect our code but we need other options.
2012/2/6 yamatough
your silence considered as No
r we clear?
Esta mensagem foi verificada pelo E-mail Protegido.
Este mensaje ha sido verificado por el E-mail Protegido.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Return-Path:
Received: from [208.84.242.70] by sintaluta.tpn.terra.com (LMTP); Thu, 02 Feb 2012
00:27:14 +0000 (UTC)
X-RP-Score: 97
X-Terra-Karma: -2%
X-Terra-Hash: f744abc2924cc4f9a95e4d5a355b7155
Received-SPF: pass (1mn.tpn.terra.com: domain of gmail.com designates 209.85.214.175 as
permitted sender) client-ip=209.85.214.175;
envelope-from=sam.thomas.sym@gmail.com;
helo=mail-tul01m020-f175.google.com;
Received: from mail-tul01m020-f175.google.com (mail-tul01m020-f175.google.com
[209.85.214.175])
by 1mn.tpn.terra.com (Postfix) with ESMTP id 56AD9580000F9
for ; Thu, 2 Feb 2012 00:27:14 +0000 (UTC)
Received: by obhx4 with SMTP id x4so2321153obh.6 for ;
Wed, 01 Feb 2012 16:27:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type; bh=mphp48nmgtu/+oIjKa04lH5YBCw3IrTuJ0SSMDeXrKc=;
b=MCDNa04FWRqtg6i5GS3Q1q9Jlod1+1mOmS/bJQt17BO9YrEd3pNxvFUvNm6to5WHoN
BVzH8HsNGhr8fMCTC38Ew5kLTPNY16e/hEbsMHSrsAb/gFEMwff2gvgzAB78D62+hSen
81nYFd9IVEtCtZ3nmp++Qo2i8G0lsdYS4jpDw=
Received: by 10.182.122.70 with SMTP id lq6mr694078obb.8.1328142434128; Wed, 01 Feb
2012 16:27:14 -0800 (PST)
Received: by 10.182.54.52 with HTTP; Wed, 1 Feb 2012 16:27:14 -0800 (PST)
In-Reply-To:
References:
Date: Wed, 1 Feb 2012 16:27:14 -0800
Message-ID:
Subject: Re: say hi to FBI
From: Sam Thomas
To: yamatough
X-CLX-Rate-Response: fi=10.235.200.250:2001; rg=B; GT=1201989981; fs=1002; ns=78;
id=a113GLF9S6zR0VH-120027EE; rv=7182/208.84.242.250:14051; ts=GX3z9; gv=52;
fp=BIgEA; fu=B; fl=HAA; ip=209.85.214.175; he=DTfqBJKT+eL; ht=1;
ho=Kg3MSjO4MvO; hd=IyIAQ9rT0ut; hf=HPIWFTaVB36; hF=FtwWVwyi38v;
hj=L62CYxlvyEs; hr=PS19+PXxWZ4; ZM=BmG9FbYlJS6; ZB=JPo43C0+JSE;
ZB=JVS4zS76dUz; ZB=FhjlcwMYb2u; ZB=CrskZsO9604; ZB=F8CNJ2j/p/6;
ZF=GWmuk3qhgFc;
X-CLX-ID: a113GLF9S6zR0VH-120027EE
X-Abaca-Spam: 1002
Content-Type: multipart/alternative; boundary=f46d044786bbff531504b7f04123
X-Terra-AV: Clam AntiVirus/0.97/13554
X-Terra-Rec-Key: eWFtYXRvdWdoQHRlcnJhLmNvbS52ZQ==
MIME-Version: 1.0
Status: O
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sam Thomas
yamatough
02 February 2012, 04:27:14
say hi to FBI
html
–====—-====—-====—-====—-====—-====—-====—-====—-====—-===–
We are not in contact with the FBI. We are using this email account to protect our network from you.
Protecting our company and property are our top priorities.
We can’t pay you $50,000 at once for the reasons we discussed previously. We can pay you $2,500 per month for the first three months. In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated). Once that’s done, we will pay the rest of the $50,000 to your account and you can take it all out at once. That should solve your problem.
Obviously you still have our code so if we don’t follow through you still have the upper hand.
2012/2/1 yamatough
Say hi to FBI agents,
It’s funny you do not use your corp account anymore =)
We wonder why is that be that way? =)
Esta mensagem foi verificada pelo E-mail Protegido.
Este mensaje ha sido verificado por el E-mail Protegido.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Return-Path:
Received: from [208.84.242.70] by ochaua.tpn.terra.com (LMTP); Wed, 01 Feb 2012
20:28:33 +0000 (UTC)
X-RP-Score: 97
X-Terra-Karma: -2%
X-Terra-Hash: af82f2c4cfe5a4120f77b758d8054364
Received-SPF: pass (16g.tpn.terra.com: domain of gmail.com designates 209.85.214.175 as
permitted sender) client-ip=209.85.214.175;
envelope-from=sam.thomas.sym@gmail.com;
helo=mail-tul01m020-f175.google.com;
Received: from mail-tul01m020-f175.google.com (mail-tul01m020-f175.google.com
[209.85.214.175])
by 16g.tpn.terra.com (Postfix) with ESMTP id 8EDA540000159
for ; Wed, 1 Feb 2012 20:28:33 +0000 (UTC)
Received: by obhx4 with SMTP id x4so2022939obh.6 for ;
Wed, 01 Feb 2012 12:28:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type; bh=oqgo78l6waTiL04qrVebDRkEu/HLkIcIGEyi0qWYxF8=;
b=n05BAXBCWv8CbF/egPHX09l5pwsZjx5SYsbYroqjvmSJI6oN2L5heH/kL84qunR14W
k5xfSUKu+s2q+JdxFk8aU+VPycLl5gBgQysSK7dCcPyhBqTJRP20ta/VxSWbOYiwNxZq
+uI0j4afVMVzlr2lFmrT3NjbVW2XEynYsB4EI=
Received: by 10.182.15.105 with SMTP id w9mr52510obc.18.1328128113360; Wed, 01 Feb
2012 12:28:33 -0800 (PST)
Received: by 10.182.54.52 with HTTP; Wed, 1 Feb 2012 12:28:33 -0800 (PST)
In-Reply-To:
References:
Date: Wed, 1 Feb 2012 12:28:33 -0800
Message-ID:
Subject: Re: sorry
From: Sam Thomas
To: yamatough
X-CLX-Rate-Response: fi=10.235.200.247:2001; rg=B; GT=1326007330; fs=1002; ns=100;
id=a123GLF9R74V0VH-112028Xi; rv=6463/208.84.242.247:14051; ts=GX0UM; gv=86;
fp=IgEA; fu=B; fl=HAA; ip=209.85.214.175; he=DTfqBJKT+eL; ht=1;
ho=Kg3MSjO4MvO; hd=IyIAQ9rT0ut; hf=HPIWFTaVB36; hF=FtwWVwyi38v;
hj=GqqaB4l4OKE; hr=PS19+PXxWZ4; ZM=BmG9FbYlJS6; ZB=I6W0DC9w0vf;
ZB=LAm+BrfmKwS; ZB=K/eiWqUq9pj; ZB=C14eP+cWNI9; ZB=KNDg+ofDkav;
ZF=GWmuk3qhgFc;
X-CLX-ID: a123GLF9R74V0VH-112028Xi
X-Abaca-Spam: 1002
Content-Type: multipart/alternative; boundary=f46d0447f2d869beed04b7ececaa
X-Terra-AV: Clam AntiVirus/0.97/13554
X-Terra-Rec-Key: eWFtYXRvdWdoQHRlcnJhLmNvbS52ZQ==
MIME-Version: 1.0
Status: O
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sam Thomas
yamatough
02 February 2012, 00:28:33
sorry
html
–====—-====—-====—-====—-====—-====—-====—-====—-====—-===–
So now what does this mean?
2012/2/1 yamatough
I am afraid we have to cancel the whole deal because our offshore people
wont let us securely get the money because they wont process amounts less
than 50k a shot. Therefore we are afraid we can not proceed with you on the
conditions offered.
Esta mensagem foi verificada pelo E-mail Protegido.
Este mensaje ha sido verificado por el E-mail Protegido.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Return-Path:
Received: from [208.84.242.70] by dresden.tpn.terra.com (LMTP); Tue, 31 Jan 2012
22:59:08 +0000 (UTC)
X-RP-Score: 97
X-Terra-Karma: -2%
X-Terra-Hash: dbd415b5b100167c819d2614e7495fc2
Received-SPF: pass (17j.tpn.terra.com: domain of gmail.com designates 209.85.214.175 as
permitted sender) client-ip=209.85.214.175;
envelope-from=sam.thomas.sym@gmail.com;
helo=mail-tul01m020-f175.google.com;
Received: from mail-tul01m020-f175.google.com (mail-tul01m020-f175.google.com
[209.85.214.175])
by 17j.tpn.terra.com (Postfix) with ESMTP id 8627240000147
for ; Tue, 31 Jan 2012 22:59:06 +0000 (UTC)
Received: by mail-tul01m020-f175.google.com with SMTP id x4so668410obh.6 for
; Tue, 31 Jan 2012 14:59:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type; bh=FunkGO/4eZHmL6XIJBN+7YYFaB795ag4JxhGifY2z8s=;
b=VoiQFAlkpH4lUs0daHaK8JeQ12COq4XkNZ0iT9LQwy4gwAowIFIVZkcdvSbhdY37XP
QYR8ZaAHhhLzxduJWCFuufq+WTzg4XPstsOIug6rb51bzYiZBbb9TkbwxoMlTnmYSD0g
FJlWifijbiRjmPe2t5c8VF4i+Lb+pRHvMaBpY=
Received: by 10.182.8.69 with SMTP id p5mr37206659oba.28.1328050746331; Tue, 31 Jan
2012 14:59:06 -0800 (PST)
Received: by 10.182.54.52 with HTTP; Tue, 31 Jan 2012 14:59:06 -0800 (PST)
In-Reply-To:
References:
Date: Tue, 31 Jan 2012 14:59:06 -0800
Message-ID:
Subject: Re: please read carefully
From: Sam Thomas
To: yamatough
X-CLX-Rate-Response: fi=10.235.200.250:2001; rg=B; GT=1177151336; fs=1002; ns=56;
id=a113GLF9T14W0VH-0V225981; rv=7182/208.84.242.250:14051; ts=GXhbX; gv=81;
fp=BIgEA; fu=B; fl=HAA; ip=209.85.214.175; he=DTfqBJKT+eL; ht=1;
ho=Kg3MSjO4MvO; hd=IyIAQ9rT0ut; hf=HPIWFTaVB36; hF=FtwWVwyi38v;
hj=JFxW9e9Z6Z6; hr=PS19+PXxWZ4; ZM=BmG9FbYlJS6; ZB=GaEtvWQOFq+;
ZB=JFcxjBkOpMc; ZB=GuCbAytOoez; ZB=LuKQbPZoxnw; ZB=EF3/Y2n4a1Z;
ZF=GWmuk3qhgFc;
X-CLX-ID: a113GLF9T14W0VH-0V225981
X-Abaca-Spam: 1002
Content-Type: multipart/alternative; boundary=f46d0444ec4bfa932904b7dae890
X-Terra-AV: Clam AntiVirus/0.97/13554
X-Terra-Rec-Key: eWFtYXRvdWdoQHRlcnJhLmNvbS52ZQ==
MIME-Version: 1.0
Status: O
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sam Thomas
yamatough
01 February 2012, 02:59:06
please read carefully
html
–====—-====—-====—-====—-====—-====—-====—-====—-====—-===–
Got your message.
We are still looking into Liberty Reserve but we have to figure out how to get our money safely into our Liberty Reserve account through an exchanger.
We will pay you $50,000.00 USD total.
However, we need assurances that you are not going to release the code after payment. We will pay you $2,500 a month for the first three months. Payments start next week. After the first three months you have to convince us you have destroyed the code before we pay the balance. We are trusting you to keep your end of the bargain.
You know how the corporate environment works and we have to treat this like a business transaction.
On Tue, Jan 31, 2012 at 12:26 PM, yamatough wrote:
No offence, nobody’s trying to give you a hard time.
We have a clear understanding on how things work inside corp environment.
Do not send us any money (we do not use paypal period) do not send us any 1k etc.
We can wait till we agree on final amount.
Please confirm that you received this message so we are not anxious.
Esta mensagem foi verificada pelo E-mail Protegido.
Este mensaje ha sido verificado por el E-mail Protegido.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Return-Path:
Received: from [208.84.242.70] by embro.tpn.terra.com (LMTP); Tue, 31 Jan 2012
19:54:55 +0000 (UTC)
X-RP-Score: 97
X-Terra-Karma: -2%
X-Terra-Hash: 7c02bbf24ed328ff61e832c3d09b4ca0
Received-SPF: pass (17j.tpn.terra.com: domain of gmail.com designates 209.85.214.175 as
permitted sender) client-ip=209.85.214.175;
envelope-from=sam.thomas.sym@gmail.com;
helo=mail-tul01m020-f175.google.com;
Received: from mail-tul01m020-f175.google.com (mail-tul01m020-f175.google.com
[209.85.214.175])
by 17j.tpn.terra.com (Postfix) with ESMTP id 1B69C40000152
for ; Tue, 31 Jan 2012 19:54:55 +0000 (UTC)
Received: by obhx4 with SMTP id x4so434709obh.6 for ;
Tue, 31 Jan 2012 11:54:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type; bh=gwQpYkjWiAAyxAKpS18dTn8Su+UFZQ+Dcu41A6zUDLA=;
b=rTB2y+rvjo/l54sli2QLhwBEfOW3hzu0509q0KCYx78T/Tw6WcFrOPSdAXA/sB50te
RErApS9/YPk+QGBk+2ThPf5sphneaMzYRha30902Iparyr+KeujHWhsHuluuM2Vt+Wt0
hJE8W1xPMleKr2SCTag2HL4nATlCgykQhufyI=
Received: by 10.182.85.103 with SMTP id g7mr7451466obz.38.1328039694876; Tue, 31 Jan
2012 11:54:54 -0800 (PST)
Received: by 10.182.54.52 with HTTP; Tue, 31 Jan 2012 11:54:54 -0800 (PST)
In-Reply-To:
References:
Date: Tue, 31 Jan 2012 11:54:54 -0800
Message-ID:
Subject: Re: ???
From: Sam Thomas
To: yamatough
X-CLX-Rate-Response: fi=10.235.200.247:2001; rg=B; GT=1296481718; fs=1002; ns=90;
id=a123GLF9T14W0VH-0V1954tP; rv=6463/208.84.242.247:14051; ts=GXeuq; gv=93;
fp=IgEA; fu=B; fl=HAA; ip=209.85.214.175; he=DTfqBJKT+eL; ht=1;
ho=Kg3MSjO4MvO; hd=IyIAQ9rT0ut; hf=HPIWFTaVB36; hF=FtwWVwyi38v;
hj=HvoZSM1QCS4; hr=PS19+PXxWZ4; ZM=BmG9FbYlJS6; ZB=GJGwsVewMPV;
ZB=KnUwggNLzQQ; ZB=EEl8VrDR3jf; ZB=FSYTOoHCQkA; ZB=ELSURW8nsgd;
ZU=JO9nLs7Cm6N; Zu=NYQgQ25VUg9; ZF=GWmuk3qhgFc;
X-CLX-ID: a123GLF9T14W0VH-0V1954tP
X-Abaca-Spam: 1002
Content-Type: multipart/alternative; boundary=f46d0447898742bef604b7d85656
X-Terra-AV: Clam AntiVirus/0.97/13554
X-Terra-Rec-Key: eWFtYXRvdWdoQHRlcnJhLmNvbS52ZQ==
MIME-Version: 1.0
Status: O
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sam Thomas
yamatough
31 January 2012, 23:54:54
???
html
–====—-====—-====—-====—-====—-====—-====—-====—-====—-===–
We already told you we are doing the best we can. You threatening to release the code is not helping the situation.
We’ve been looking into Liberty Reserve. Looks like we have to use an exchanger to get money into our Liberty Reserve account.
This is more complicated than we expected.
Our plan was to get you $1,000 by the end of the week as a test and a sign of good faith but we don’t know if we can make this work
that quickly through Liberty Reserve.
We’ve used paypal numerous times and we know how it works. We can definitely send you $1,000 by the end of the week through
paypal until we can get Liberty Reserve setup for a large payment. We will send the paypal payment to the yamatough@terra.com.ve
email address on Friday.
On Mon, Jan 30, 2012 at 5:50 PM, yamatough wrote:
there are no options but :
Liberty Reserve (tell your people to look into their website www.libertyreserve.com and check how it works – its easy we shall give you our account number within the LR system and you send money from your LR acct to ours) To put money on ya LR account you can do by wire transfer within the USA etc. just check the website
this option is nice for you because it leaves the FATF and Anti Terror units behind and raises no suspicions like the Lithuanian transfer would.
Wire transfer to a bank account in Lithuania or Latvia is also an option.
Above mentioned are the only ways to work it out.
We are afraid if you can not comply we proceed with the release.
What are the guarantees that we wont come back for more? – NONE ofcourse, you have to trust us on this one, if we were really bad guys we would have already released or sold your code at the time of exchanging emails with you which is almost a month – AND WE KEPT SILENT all that time and stuck to our word given to you.
So – No Guarantees – Trust Us – We wont come back and wont manipulate the code.
At least it is worth a try and we assure you we are man of honor we keep our promise.
What you are going to get if no agreement reached? – We both know.
Partial release of code – Official Auction Bidding on some of it – 0day exploitation
That happens as soon as we understand your negative call.
As of files sent to you partially – we are getting tired of all this please do not make us more angry than we already are you know we got the full line so please nothing is going to be send to you once again.
Time’s up – We are patient to get Positive or Negative from you. You have two options to complete Wire. And name the price. Period.
Esta mensagem foi verificada pelo E-mail Protegido.
Este mensaje ha sido verificado por el E-mail Protegido.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Return-Path:
Received: from [208.84.242.70] by betune.tpn.terra.com (LMTP); Tue, 31 Jan 2012
01:22:25 +0000 (UTC)
X-RP-Score: 64
X-Terra-Karma: -2%
X-Terra-Hash: 9b79ea50dfa55112d0ced64148e50e60
Received-SPF: pass (1zx.tpn.terra.com: domain of gmail.com designates 209.85.214.195 as
permitted sender) client-ip=209.85.214.195;
envelope-from=sam.thomas.sym@gmail.com;
helo=mail-tul01m020-f195.google.com;
Received: from mail-tul01m020-f195.google.com (mail-tul01m020-f195.google.com
[209.85.214.195])
by 1zx.tpn.terra.com (Postfix) with ESMTP id D5EFE20000046
for ; Tue, 31 Jan 2012 01:22:24 +0000 (UTC)
Received: by obbwc12 with SMTP id wc12so533762obb.6 for
; Mon, 30 Jan 2012 17:22:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type; bh=zwKfQHbFIY7a0W6Bhq8L2jkZSNqsKgJ95akIdad2ckM=;
b=weEYGKVfdCFgTLtoFZd+cWMvUAxzGwJIapCCwtqgY0SnRgoBFTxHv25Wc3dqLdtJ/g
po9jOKBmWn7YLfCLw6iozIYLi8jezU0BkGGB2ts5J9FTMW0zc4VnG+ygDw56adiQrnNq
EBUBT8hO2/En/qzyjVcb7HM1j2yznaYRjL06c=
Received: by 10.182.11.71 with SMTP id o7mr29011050obb.58.1327972944562; Mon, 30 Jan
2012 17:22:24 -0800 (PST)
Received: by 10.182.54.52 with HTTP; Mon, 30 Jan 2012 17:22:24 -0800 (PST)
In-Reply-To:
References:
Date: Mon, 30 Jan 2012 17:22:24 -0800
Message-ID:
Subject: Re: ???
From: Sam Thomas
To: yamatough
X-CLX-Rate-Response: fi=10.235.200.250:2001; rg=B; GT=1154561602; fs=1002; ns=259;
id=a113GLF9V06B0VH-0V0122P3; rv=7182/208.84.242.250:14051; ts=GXObs; gv=67;
fp=IgEA; fu=B; fl=HAA; ip=209.85.214.195; he=DTfqBJKT+eL; ht=1;
ho=Kg3MSjO4MvO; hd=IyIAQ9rT0ut; hf=HPIWFTaVB36; hF=FtwWVwyi38v;
hj=HvoZSM1QCS4; hr=PS19+PXxWZ4; ZM=BmG9FbYlJS6; ZB=C08vuz24GK4;
ZB=OFu/4J8A+vD; ZB=D6HzwP3IDIK; ZB=Humaww5t00E; ZB=Hz1oIb/AtQD;
ZF=GWmuk3qhgFc;
X-CLX-ID: a113GLF9V06B0VH-0V0122P3
X-Abaca-Spam: 1002
Content-Type: multipart/alternative; boundary=f46d0447f2d0a1c87204b7c8cb94
X-Terra-AV: Clam AntiVirus/0.97/13555
X-Terra-Rec-Key: eWFtYXRvdWdoQHRlcnJhLmNvbS52ZQ==
MIME-Version: 1.0
Status: O
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sam Thomas
yamatough
31 January 2012, 05:22:24
???
html
–====—-====—-====—-====—-====—-====—-====—-====—-====—-===–
We are really trying to work with you but we can’t meet all the deadlines that you keep throwing at us. We need approvals by a lot of people who all have different opinions. This is the first time we’ve heard of Liberty Reserve and we are hesitant to just wire money straight to an offshore account.
You didn’t provide all the files requested last time. What assurances can you provide that once we pay, you will actually destroy the code and not ask for more money?
Finance is asking us what offshore account it is and also how we could make a payment through liberty reserve. Send us that info to give to them. If they shoot these options down, do you have any other ways to accept your payment?
We are willing to do what it takes to get our code back and protect our customers but we’ve never been in this position before. Please be patient and we will find something that works for both of us.
2012/1/30 yamatough
you have 24 hours for a definite answer
Esta mensagem foi verificada pelo E-mail Protegido.
Este mensaje ha sido verificado por el E-mail Protegido.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Return-Path:
Received: from [10.235.200.100] by dresden.tpn.terra.com (LMTP); Mon, 30 Jan 2012
17:12:24 +0000 (UTC)
X-RP-Score: 97
X-Terra-Karma: -2%
X-Terra-Hash: 3f512e765e6524d99f30b21a281c8a0d
Received-SPF: pass (1sd.tpn.terra.com: domain of gmail.com designates 209.85.161.175 as
permitted sender) client-ip=209.85.161.175;
envelope-from=sam.thomas.sym@gmail.com; helo=mail-gx0-f175.google.com;
Received: from mail-gx0-f175.google.com (mail-gx0-f175.google.com [209.85.161.175])
by 1sd.tpn.terra.com (Postfix) with ESMTP id AD80E100001F1
for ; Mon, 30 Jan 2012 17:12:24 +0000 (UTC)
Received: by ggnp4 with SMTP id p4so1881734ggn.6 for ;
Mon, 30 Jan 2012 09:12:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type; bh=AS+e3TulZf8Zp8NWu0f0zxTQDxhRc18qoVTMPMf95sA=;
b=He4u1jr/kgmKbcqZbtKomEaBBjVB6ZXwEGEq2DUq9pjfjJktlx0eM9pql34nUuwwM5
BXjM3FHWRP3JQSkbZ7mHO9oudgVuBmjLAyYt7flJbAMz02qOx/BS0C38fVWiCGzTVr56
jjMBeMrtYKxNPMOsa0tUf2ZpSfqw7fpTM264Q=
Received: by 10.182.41.98 with SMTP id e2mr28183236obl.68.1327943544487; Mon, 30 Jan
2012 09:12:24 -0800 (PST)
Received: by 10.182.54.52 with HTTP; Mon, 30 Jan 2012 09:12:24 -0800 (PST)
In-Reply-To:
References:
Date: Mon, 30 Jan 2012 09:12:24 -0800
Message-ID:
Subject: Re: monday
From: Sam Thomas
To: yamatough
X-CLX-Rate-Response: fi=10.235.200.248:2001; rg=B; GT=-1257252883; fs=1002; ns=290;
id=a133GLF9a1m90VH-0U1712O1L; rv=6463/208.84.242.248:14051; ts=GXHQT;
gv=100; fp=IgEA; fu=B; fl=HAA; ip=209.85.161.175; he=LC1A/Um00ti; ht=1;
ho=Kg3MSjO4MvO; hd=IyIAQ9rT0ut; hf=HPIWFTaVB36; hF=FtwWVwyi38v;
hj=F4vQlBC+JTL; hr=PS19+PXxWZ4; ZM=BmG9FbYlJS6; ZB=oESoXWaQwo;
ZB=I6W0DC9w0vf; ZB=MEyrNik67KX; ZB=Ek/8uFyZZt2; ZB=O8IbS5iQ0YP;
ZF=GWmuk3qhgFc;
X-CLX-ID: a133GLF9a1m90VH-0U1712O1L
X-Abaca-Spam: 1002
Content-Type: multipart/alternative; boundary=f46d0444eccd403f2504b7c1f38f
X-Terra-AV: Clam AntiVirus/0.97/13554
X-Terra-Rec-Key: eWFtYXRvdWdoQHRlcnJhLmNvbS52ZQ==
MIME-Version: 1.0
Status: O
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sam Thomas
yamatough
30 January 2012, 21:12:24
monday
html
–====—-====—-====—-====—-====—-====—-====—-====—-====—-===–
Before we can discuss a dollar amount, we need to figure out how the payment is going to be made.
2012/1/25 yamatough
We expect answer by monday.
Esta mensagem foi verificada pelo E-mail Protegido.
Este mensaje ha sido verificado por el E-mail Protegido.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Return-Path:
Received: from [208.84.242.70] by quesnel.tpn.terra.com (LMTP); Wed, 25 Jan 2012
21:13:10 +0000 (UTC)
X-RP-Score: 65
X-Terra-Karma: -2%
X-Terra-Hash: ba1edb11e8ba1410b0a8ce9a5fa2b2af
Received-SPF: pass (13m.tpn.terra.com: domain of gmail.com designates 209.85.214.195 as
permitted sender) client-ip=209.85.214.195;
envelope-from=sam.thomas.sym@gmail.com;
helo=mail-tul01m020-f195.google.com;
Received: from mail-tul01m020-f195.google.com (mail-tul01m020-f195.google.com
[209.85.214.195])
by 13m.tpn.terra.com (Postfix) with ESMTP id AF8FB8008006D
for ; Wed, 25 Jan 2012 21:13:10 +0000 (UTC)
Received: by obbwc12 with SMTP id wc12so650142obb.6 for
; Wed, 25 Jan 2012 13:13:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type; bh=EzIQgN61aW2rj+rSaFWMpJpNdVzKxw0V6tqcTV2nloA=;
b=SZC5j3y9pTV2PYIMD2b0NOYN317OgWDUNM/BG5D+VtSDEBVuIKWv+1K/Ls33AMoL3Q
CYzPuj9KaOYCDiJcFA8zW1EEfHC4/n6dNnZhSZQUNZYAwKanPx4accZuMayTm+Z4GDl8
+Pyy43aPCGhIoxl03uGizsAMDkKmVFNEYC8mU=
Received: by 10.182.8.69 with SMTP id p5mr17184683oba.28.1327525990461; Wed, 25 Jan
2012 13:13:10 -0800 (PST)
Received: by 10.182.54.52 with HTTP; Wed, 25 Jan 2012 13:13:10 -0800 (PST)
In-Reply-To:
References:
Date: Wed, 25 Jan 2012 13:13:10 -0800
Message-ID:
Subject: Re: procedure
From: Sam Thomas
To: yamatough
X-CLX-Rate-Response: fi=10.235.200.248:2001; rg=B; GT=1162947501; fs=1002; ns=244;
id=a133GLF9Y7SR0VH-0P2113Ai; rv=6463/208.84.242.248:14051; ts=GVhUB; gv=71;
fp=BIgEA; fu=B; fl=HAA; ip=209.85.214.195; he=DTfqBJKT+eL; ht=1;
ho=Kg3MSjO4MvO; hd=IyIAQ9rT0ut; hf=HPIWFTaVB36; hF=FtwWVwyi38v;
hj=FPVRjwRF9Hj; hr=PS19+PXxWZ4; ZM=BmG9FbYlJS6; ZB=HbEazKowqn6;
ZB=GxGKMv+8uXG; ZB=JojJjXFWSFn; ZB=KTcn5V5eP8v; ZB=Em4KH6Q5JOH;
ZF=GWmuk3qhgFc;
X-CLX-ID: a133GLF9Y7SR0VH-0P2113Ai
X-Abaca-Spam: 1002
Content-Type: multipart/alternative; boundary=f46d0444ec4b17716c04b760bb93
X-Terra-AV: Clam AntiVirus/0.97/13555
X-Terra-Rec-Key: eWFtYXRvdWdoQHRlcnJhLmNvbS52ZQ==
MIME-Version: 1.0
Status: O
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sam Thomas
yamatough
26 January 2012, 01:13:10
procedure
html
–====—-====—-====—-====—-====—-====—-====—-====—-====—-===–
Bottom line, we need more time, at least 2-3 days. This is not a simple process on our end.
2012/1/25 yamatough
We have a rule – and we always follow it:
If you are the owner – you have the right to be the first one
asked. That is why we kept silent at the time of negotiating with
you.
We stick to the word given and nothing is going to happen to the code
if we complete the deal.
Were we not that way we would have already sold your code to that
willing many.
SO – you told us a week ago that you’ve being requesting a
response from Fin dprtmnt. We got no answer for the below question
so far:
?How much do you consider ENOUGH to pay us in order to
work all the issues out?
Name the price,
Clock’s tikin
Esta mensagem foi verificada pelo E-mail Protegido.
Este mensaje ha sido verificado por el E-mail Protegido.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Return-Path:
Received: from [208.84.242.70] by 1ew.tpn.terra.com (LMTP); Wed, 25 Jan 2012 19:49:39
+0000 (UTC)
X-RP-Score: 97
X-Terra-Karma: -2%
X-Terra-Hash: d890df64d9dd009c8d8d395af5c6bd98
Received-SPF: pass (17j.tpn.terra.com: domain of gmail.com designates 209.85.214.175 as
permitted sender) client-ip=209.85.214.175;
envelope-from=sam.thomas.sym@gmail.com;
helo=mail-tul01m020-f175.google.com;
Received: from mail-tul01m020-f175.google.com (mail-tul01m020-f175.google.com
[209.85.214.175])
by 17j.tpn.terra.com (Postfix) with ESMTP id B8A45400000AF
for ; Wed, 25 Jan 2012 19:49:38 +0000 (UTC)
Received: by mail-tul01m020-f175.google.com with SMTP id uo9so6500800obb.6 for
; Wed, 25 Jan 2012 11:49:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type; bh=AOMx5lI/5eR84Go9J7EBrQrO07L/VhwLiz4pid0o1fI=;
b=uk7IpGB3sPIKdBYZ0nIc4wGJhRac/hng6j5lqCfdrQDufhL9O/1cajUP/xOXvslD0r
T1+BT3AaBqs76CYc0aVR61QwAGpV5RtAXGDQtnXqRdblK7lc0OXK+pWflsfUCyT8FfIj
k+z/EhR3AQaBQX3PRRCxbdk1/2yGSE4pJAeyE=
Received: by 10.182.85.103 with SMTP id g7mr16905872obz.38.1327520978677; Wed, 25 Jan
2012 11:49:38 -0800 (PST)
Received: by 10.182.54.52 with HTTP; Wed, 25 Jan 2012 11:49:38 -0800 (PST)
In-Reply-To:
References:
Date: Wed, 25 Jan 2012 11:49:38 -0800
Message-ID:
Subject: Re: ON SALE
From: Sam Thomas
To: yamatough
X-CLX-Rate-Response: fi=10.235.200.247:2001; rg=B; GT=1167979926; fs=1002; ns=90;
id=a123GLF9T5ZD0VH-0P1949dn; rv=6463/208.84.242.247:14051; ts=GVgFu; gv=85;
fp=BIgEA; fu=B; fl=HAA; ip=209.85.214.175; he=DTfqBJKT+eL; ht=1;
ho=Kg3MSjO4MvO; hd=IyIAQ9rT0ut; hf=HPIWFTaVB36; hF=FtwWVwyi38v;
hj=FqLscOYR8rp; hr=PS19+PXxWZ4; ZM=BmG9FbYlJS6; ZB=CZgYqjNfFQ4;
ZB=GxKEkk/AblN; ZB=OR25G89H2SG; ZB=BWZXpZEotoM; ZB=D6CZJoxS3nv;
ZF=GWmuk3qhgFc;
X-CLX-ID: a123GLF9T5ZD0VH-0P1949dn
X-Abaca-Spam: 1002
Content-Type: multipart/alternative; boundary=f46d044789875db0c004b75f90cf
X-Terra-AV: Clam AntiVirus/0.97/4294967295
X-Terra-Rec-Key: eWFtYXRvdWdoQHRlcnJhLmNvbS52ZQ==
MIME-Version: 1.0
Status: O
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sam Thomas
yamatough
25 January 2012, 23:49:38
ON SALE
html
–====—-====—-====—-====—-====—-====—-====—-====—-====—-===–
We are not trying to trick you. You said you had the PC Anywhere code and we were just being cautious. What would you have us do?
We really don’t want our code out there. How do you want to proceed.
2012/1/25 yamatough
If we dont hear from you in 30m
we make an official announcement and put your code on sale at auction
terms. We have many people who are willing to get your code
Dont fuck with us
Esta mensagem foi verificada pelo E-mail Protegido.
Este mensaje ha sido verificado por el E-mail Protegido.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Return-Path:
Received: from [208.84.242.70] by bermore.tpn.terra.com (LMTP); Wed, 25 Jan 2012
01:38:09 +0000 (UTC)
X-RP-Score: 97
X-Terra-Karma: -2%
X-Terra-Hash: 7ac2b46fa481fe6b1a03092ca6cc3e93
Received-SPF: pass (17j.tpn.terra.com: domain of gmail.com designates 209.85.214.175 as
permitted sender) client-ip=209.85.214.175;
envelope-from=sam.thomas.sym@gmail.com;
helo=mail-tul01m020-f175.google.com;
Received: from mail-tul01m020-f175.google.com (mail-tul01m020-f175.google.com
[209.85.214.175])
by 17j.tpn.terra.com (Postfix) with ESMTP id DA7944000008E
for ; Wed, 25 Jan 2012 01:38:08 +0000 (UTC)
Received: by obbuo9 with SMTP id uo9so5488278obb.6 for
; Tue, 24 Jan 2012 17:38:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type; bh=f73wIGmd05f4+jYDW5MO+12WyHgawLW5AHGRzZhuV/M=;
b=bg5YvUNAfzbSNxesLU+wUsSyLgM5uFaOvTfoEIqmbxc28HM0RXm1oZKale1WPYI3dL
zltbAY9fsZBST1qYHjL1VR5gROUUHbyzo1YngjcjTjm5wxvSYHGckmxlNPRTnpgG1PBp
AkHn7EABMtlTZFDNMKiCTO48vvaCqgKTedDkk=
Received: by 10.182.232.36 with SMTP id tl4mr13867329obc.58.1327455488669; Tue, 24 Jan
2012 17:38:08 -0800 (PST)
Received: by 10.182.54.52 with HTTP; Tue, 24 Jan 2012 17:38:08 -0800 (PST)
In-Reply-To:
References:
Date: Tue, 24 Jan 2012 17:38:08 -0800
Message-ID:
Subject: Re: problem
From: Sam Thomas
To: yamatough
X-CLX-Rate-Response: fi=10.235.200.247:2001; rg=B; GT=1148566722; fs=1002; ns=78;
id=a123GLF9T5ZD0VH-0P013895; rv=6463/208.84.242.247:14051; ts=GVQGc; gv=68;
fp=IgEA; fu=B; fl=HAA; ip=209.85.214.175; he=DTfqBJKT+eL; ht=1;
ho=Kg3MSjO4MvO; hd=IyIAQ9rT0ut; hf=HPIWFTaVB36; hF=FtwWVwyi38v;
hj=OQ9SCrwNU8h; hr=PS19+PXxWZ4; ZM=BmG9FbYlJS6; ZB=LgKvCzAtyoa;
ZB=I6W0DC9w0vf; ZB=Em1DxhNegji; ZB=Kq4AVYZgMG0; ZB=yRcsKVheCH;
ZF=GWmuk3qhgFc;
X-CLX-ID: a123GLF9T5ZD0VH-0P013895
X-Abaca-Spam: 1002
Content-Type: multipart/alternative; boundary=f46d04447387db788704b75050e8
X-Terra-AV: Clam AntiVirus/0.97/13555
X-Terra-Rec-Key: eWFtYXRvdWdoQHRlcnJhLmNvbS52ZQ==
MIME-Version: 1.0
Status: O
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sam Thomas
yamatough
25 January 2012, 05:38:08
problem
html
–====—-====—-====—-====—-====—-====—-====—-====—-====—-===–
we are having network issues with ftp on the standalone computer. we think we can have it ready tomorrow and will send you login details.
On Tue, Jan 24, 2012 at 9:05 AM, yamatough wrote:
roger that
Esta mensagem foi verificada pelo E-mail Protegido.
Este mensaje ha sido verificado por el E-mail Protegido.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Return-Path:
Received: from [208.84.242.70] by 1ew.tpn.terra.com (LMTP); Tue, 24 Jan 2012 01:39:50
+0000 (UTC)
X-Terra-Karma: -2%
X-Terra-Hash: 1b89049acc0475baa700e87b946917a9
Received-SPF: pass (13m.tpn.terra.com: domain of gmail.com designates 209.85.214.175 as
permitted sender) client-ip=209.85.214.175;
envelope-from=sam.thomas.sym@gmail.com;
helo=mail-tul01m020-f175.google.com;
Received: from mail-tul01m020-f175.google.com (mail-tul01m020-f175.google.com
[209.85.214.175])
by 13m.tpn.terra.com (Postfix) with ESMTP id 5B24F800800A0
for ; Tue, 24 Jan 2012 01:39:50 +0000 (UTC)
Received: by obbuo9 with SMTP id uo9so4077571obb.6 for
; Mon, 23 Jan 2012 17:39:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type; bh=nLOhyu2toMvLJPGV97TjPoymWt/FxI8pBOKvm0S1a7E=;
b=VoB90ekT02dMJ+KHshG2m9L4zXgTnDnh33OOhVA63gyfKwEQKBvjBu6KafFQR0LAYQ
RNXwja9oRKrgVXXbOgzIY4lOH4LYx6xX7ofAlrO7kP4uI2brRxy/8z+jUgire92hIwkW
Ku6CbPrkn5S3F0Fg/M+tnWSY89iQaneMn21gc=
Received: by 10.182.36.9 with SMTP id m9mr5981338obj.78.1327369189889; Mon, 23 Jan
2012 17:39:49 -0800 (PST)
Received: by 10.182.54.52 with HTTP; Mon, 23 Jan 2012 17:39:49 -0800 (PST)
In-Reply-To:
References:
Date: Mon, 23 Jan 2012 17:39:49 -0800
Message-ID:
Subject: Re: problem
From: Sam Thomas
To: yamatough
X-CLX-Rate-Response: fi=10.235.200.247:2001; rg=B; GT=1119988520; fs=1002; ns=227;
id=a123GLF9Y7SR0VH-0O0139oH; rv=6463/208.84.242.247:14051; ts=GU7CB; gv=69;
fp=BIgEA; fu=B; fl=HAA; ip=209.85.214.175; he=DTfqBJKT+eL; ht=1;
ho=Kg3MSjO4MvO; hd=IyIAQ9rT0ut; hf=HPIWFTaVB36; hF=FtwWVwyi38v;
hj=OQ9SCrwNU8h; hr=PS19+PXxWZ4; ZM=BmG9FbYlJS6; ZB=DntXCvnDue;
ZB=DRImn+qd179; ZB=JZ+bccRfr7c; ZB=EUceLU5jMQW; ZB=F1rzXOc+Ncz;
ZF=GWmuk3qhgFc;
X-CLX-ID: a123GLF9Y7SR0VH-0O0139oH
X-Abaca-Spam: 1002
Content-Type: multipart/alternative; boundary=f46d0444ed490c97bd04b73c392c
X-Terra-AV: Clam AntiVirus/0.97/4294967295
X-Terra-Rec-Key: eWFtYXRvdWdoQHRlcnJhLmNvbS52ZQ==
MIME-Version: 1.0
Status: O
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sam Thomas
yamatough
24 January 2012, 05:39:49
problem
html
–====—-====—-====—-====—-====—-====—-====—-====—-====—-===–
we are trying to setup a stand alone computer so this doesn’t affect our network. we only want to ensure our environment is safe. we will send you the ftp details tomorrow.
2012/1/23 yamatough
If you are trying to trace with the ftp trick it’s just worthless.
If we detect any malevolent tracing action we cancel the deal.
Is that clear?
You’ve got the doc files and pathes to the files
what’s the problem ?
Explain
Esta mensagem foi verificada pelo E-mail Protegido.
Este mensaje ha sido verificado por el E-mail Protegido.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Return-Path:
Received: from [208.84.242.70] by ochaua.tpn.terra.com (LMTP); Mon, 23 Jan 2012
21:15:05 +0000 (UTC)
X-Terra-Karma: -2%
X-Terra-Hash: 8786acb7fc632fa0f2fdd50b62b0b69e
Received-SPF: pass (16g.tpn.terra.com: domain of gmail.com designates 209.85.214.175 as
permitted sender) client-ip=209.85.214.175;
envelope-from=sam.thomas.sym@gmail.com;
helo=mail-tul01m020-f175.google.com;
Received: from mail-tul01m020-f175.google.com (mail-tul01m020-f175.google.com
[209.85.214.175])
by 16g.tpn.terra.com (Postfix) with ESMTP id 6B1A040000170
for ; Mon, 23 Jan 2012 21:15:05 +0000 (UTC)
Received: by obbuo9 with SMTP id uo9so3788681obb.6 for
; Mon, 23 Jan 2012 13:15:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type; bh=4GPhvcuVQ7pqHotCnWEeIzH7nWQdlXd9xsLFkjbRLl4=;
b=op7I5lNaQfk8N7L7DBVXGPk1Y5bD9B8gChWLF4QNy2tMrRHJp6fGTC+T/McKFTVRFk
BcnX19Gr+jzFv6qlqjvFmulCz1GvuuFffZERs1cbrc+riO+zOZWn97il89yFYDSZgnjf
yejopmlQxPIfsGTqO2PyAqQ1RswDDtHa94eUI=
Received: by 10.182.150.66 with SMTP id ug2mr9304615obb.68.1327353305201; Mon, 23 Jan
2012 13:15:05 -0800 (PST)
Received: by 10.182.54.52 with HTTP; Mon, 23 Jan 2012 13:15:05 -0800 (PST)
In-Reply-To:
References:
Date: Mon, 23 Jan 2012 13:15:05 -0800
Message-ID:
Subject: Re: it’s monday
From: Sam Thomas
To: yamatough
X-CLX-Rate-Response: fi=10.235.200.250:2001; rg=B; GT=-1010716282; fs=1002; ns=226;
id=a113GLF9R74V0VH-0N21155c; rv=7182/208.84.242.250:14051; ts=GU3J0; gv=86;
fp=BIgEA; fu=B; fl=HAA; ip=209.85.214.175; he=DTfqBJKT+eL; ht=1;
ho=Kg3MSjO4MvO; hd=IyIAQ9rT0ut; hf=HPIWFTaVB36; hF=FtwWVwyi38v;
hj=F2PKcxmxqXE; hr=PS19+PXxWZ4; ZM=BmG9FbYlJS6; ZB=MdGMK9Zhwms;
ZB=I6W0DC9w0vf; ZB=KSnUl0B6RGr; ZB=OfSNpvNe8u7; ZB=NxTmJTVdS73;
ZF=GWmuk3qhgFc;
X-CLX-ID: a113GLF9R74V0VH-0N21155c
X-Abaca-Spam: 1002
Content-Type: multipart/alternative; boundary=f46d044795293f7b4804b73886cf
X-Terra-AV: Clam AntiVirus/0.97/13554
X-Terra-Rec-Key: eWFtYXRvdWdoQHRlcnJhLmNvbS52ZQ==
MIME-Version: 1.0
Status: O
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sam Thomas
yamatough
24 January 2012, 01:15:05
it’s monday
html
–====—-====—-====—-====—-====—-====—-====—-====—-====—-===–
in the process of setting up a secure ftp site. should be ready today or tomorrow.
2012/1/23 yamatough