Members of the Anonymous network claimed Symantec offered $50,000 in return for the guaranteed destruction of code tied to its pcAnywhere and Norton Antivirus tools, and a declaration that Anonymous lied about an earlier hack.

Members of the Anonymous network released an email thread on Monday that claims Symantec offered $50,000 in return for the guaranteed destruction of code tied to its pcAnywhere and Norton Antivirus tools.

But the deal fell through, according to the AnonymousIRC account, and the code will be released for free to the Internet at large, the group said.

"Update regarding Symantec: Stay tuned for the f**king lulz," added "TheRealSabu," another member of the Anonymous collective. "Let's just say Symantec tried to give us 50,000 reasons not to release sources!"

The group said later that the code would be released. Separately, , the staff sergeant who led an assault on the Iraqi city of Haditha that left 24 unarmed civilians dead.

According to the email chain, Sam Thomas, an employee of Symantec, began negotiations with "Yamatough," a member of the Lords of Dharmaraja group using a Venezuelan email address, on or about Jan. 18. According to the emails, Symantec asked Yamatough and the group to lie about having accomplished an earlier 2006 hack, which obtained the code.

Symantec said it knew of the postings.

"In January, an individual claiming to be part of the 'Anonymous' group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession," a company representative said in an email on Monday night. "Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide."

No "Sam Thomas" could be found on LinkedIn as a Symantec employee, and emails to the account went unreturned but did not bounce.

On Jan. 26, , pcAnywhere, to disable the product until Symantec patched vulnerabilities related to the 2006 theft of source code by Anonymous.

PcAnywhere, originally a product of Peter Norton Computing, is a tool that gives enterprise users remote access to their PCs. It is sold individually or bundled in Altiris Client Management Suite, Altiris IT Management Suite versions 7.0 or later, and Altiris Deployment Solution with Remote v7.1.

The code breach also affected the 2006 versions of Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks (Norton Utilities and Norton GoBack), and pcAnywhere. It also included a "small percentage of the pre-release source for the Symantec AntiVirus 10.2 product," or less than 5 percent, Symantec said. By Jan. 30, and said it was safe to use.

According to the emails, the negotiations persisted for several weeks, while the two sides worked out technical issues. Symantec's Thomas contacted Yamatough on an external Gmail account, for example, which apparently wouldn't permit the attachments necessary as proof that Anonymous had the code.

Negotiations begin

On Jan. 23, Yamatough got suspicious. "If you are trying to trace with the ftp trick it's just worthless," Yamatough wrote. "If we detect any malevolent tracing action we cancel the deal. Is that clear? You've got the doc files and pathes [sic] to the files. what's the problem? Explain."

"We are trying to setup a stand alone computer so this doesn't affect our network," Thomas wrote back. "We only want to ensure our environment is safe. we will send you the ftp details tomorrow."

By Jan. 25, Yamatough began the hard sell. "If we dont hear from you in 30m [minutes] we make an official announcement and put your code on sale at auction terms. We have many people who are willing to get your code," Yamatough wrote. "Dont f**k with us."

"We are not trying to trick you," Thomas wrote back. "You said you had the PC Anywhere code and we were just being cautious. What would you have us do?"

But Symantec continued to delay, and Anonymous allowed it. Later on Jan. 25, Yamatough said that, as the code's owner, "you [Symantec] have the right to be the first one asked. We stick to the word given and nothing is going to happen to the code if we complete the deal."

"Bottom line, we need more time, at least 2-3 days," Thomas returned.

By Jan. 31, payment options were being negotiated. Symantec wanted to use PayPal, while Yamatough favored Liberty Reserve, an offshore account. Thomas said that the Symantec finance department was working through the approvals needed, but asked for an alternative. "We are willing to do what it takes to get our code back and protect our customers but we've never been in this position before," Thomas wrote. "Please be patient and we will find something that works for both of us."

By this time, Anonymous and Yamatough were getting impatient. There were no options but Liberty Reserve, Yamatough said, aside from a wire transfer to a bank in Latvia.

"What are the guarantees that we wont come back for more? - NONE," Yamatough wrote. "Of course, you have to trust us on this one, if we were really bad guys we would have already released or sold your code at the time of exchanging emails with you which is almost a month - AND WE KEPT SILENT all that time and stuck to our word given to you.

"So - No Guarantees - Trust Us - We wont come back and wont manipulate the code," Yamatough added. "At least it is worth a try and we assure you we are man of honor we keep our promise. What you are going to get if no agreement reached? - We both know. Partial release of code - Official Auction Bidding on some of it - 0day exploitation. That happens as soon as we understand your negative call."

Symantec's counteroffer: $1,000 via Liberty Reserve as a test, and a good faith agreement.

On Feb. 1, Symantec came back with its offer: $50,000 in total, with assurances that Anonymous wouldn't release the code. Payments would begin with $2,500 per month for three months, Thomas wrote. "You know how the corporate environment works and we have to treat this like a business transaction," he wrote.

The deal breaks down

"I am afraid we have to cancel the whole deal because our offshore people wont let us securely get the money because they wont process amounts less than 50k a shot," Yamatough wrote on Feb. 2. "Therefore we are afraid we can not proceed with you on the conditions offered."

Later, Yamatough added: "Say hi to FBI agents, It's funny you do not use your corp account anymore =) We wonder why is that be that way? =)"

"We are not in contact with the FBI," Thomas protested, according to the email exchange. "We are using this email account to protect our network from you. Protecting our company and property are our top priorities."

"We can't pay you $50,000 at once for the reasons we discussed previously," Thomas added. "We can pay you $2,500 per month for the first three months. In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated). Once that's done, we will pay the rest of the $50,000 to your account and you can take it all out at once. That should solve your problem."

In an email postdated Feb. 6, Yamatough wrote: "Since no code yet being released and our email communication wasnt also released we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START this time we've made mirrors so it will be hard for you to get rid of it."

Symantec's Thomas asked for more time. At that point, the email chain ended.

Editor's Note: This story was updated at 10:02 PM on Feb. 6 with an updated statement from Symantec. This story has also been corrected to note that Yamatough is a member of the Lords of Dharmaraja, a group loosely affiliated with Anonymous.