Hackers sought $50,000 from U.S. anti-virus firm Symantec Corp in return for the stolen blueprints to its flagship products under what the company says was a sting operation run by an undisclosed law enforcement agency via emails.
The company said the emails were in fact between the hacker and law enforcement officials posing as a Symantec employee.
"The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation," company spokesman Cris Paden said, adding that no money was paid.
Paden declined to name the law enforcement agency, saying it may compromise the investigation.
Symantec had previously confirmed the hacker, part of a group called Lords of Dharmaraja and affiliated with Anonymous, was in possession of source code for its products, obtained in a 2006 breach of the company's networks.
An email exchange released by the hacker, who is known as YamaTough and claims to be based in Mumbai, India, shows drawn-out negotiations with a purported Symantec employee starting on January 18.
The email negotiations echoed conversations in past years, viewed by Reuters, in which police agencies directed talks between victims and hackers.
"We can't pay you $50,000 at once for the reasons we discussed previously," said one email from a purported Symantec employee Sam Thomas, who offered to pay the full amount at a later date.
"In exchange, you will make a public statement on behalf of your group that you lied about the hack."
The hacker said he never intended to take the money and warned he would soon release the blueprints for Symantec's pcAnywhere and Norton antivirus products.
"We tricked them into offering us a bribe so we could humiliate them," YamaTough told Reuters.
In recent weeks, the hacker has posted segments of code for Norton Utilities and other programs. A software maker's intellectual property, specifically its source code, is its most precious asset.
Symantec's Norton Internet Security is among the most popular software available to stop viruses, spyware, and online identity theft.
Symantec said the version of the source code in the hacker's possession from 2006 no longer posed a threat to its customers even if the full blueprint to the software is released.
After the hack was made public in January, Symantec asked its customers to temporarily disable pcAnywhere. It later declared it safe to use after offering free upgrades.