Symantec is working to soften the revelation that a segment of its source code for Norton products was stolen in a security breach. But is it enough to convince customers that Symantec is holding its security secrets tight to its chest?
An Indian hacking group is claiming that it got its hands on source code used in the Norton anti-virus program. Known as the Lords of Dharmaraja, the group is making threats to take the source code public, potentially giving a black eye to the security industry leader.
Yama Tough, a hacker in Mumbai, is serving as spokesman for the Lords of Dharmaraja. He claims the group obtained the source code from less-than-bulletproof Indian government servers.
Hackers Speak Out
"As of now we start sharing with all our brothers and followers information from the Indian Military Intelligence servers, so far we have discovered within the Indian Spy Programme source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI," the group said in a statement on its Google+ page.
"Now we release confidential documentation we encountered of Symantec corporation and its Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from U.S. and India government agencies."
Symantec Answers Back
Cris Paden, a senior manager for Symantec's corporate communications, said the drama began on Wednesday. That's when a local chapter of Anonymous from India claimed in an online forum they possessed source code for Symantec's Norton Antivirus solutions.
"Symantec's Information Security team investigated the claims and found that instead they possessed documentation from 1999 describing how Norton Antivirus worked, but no source code was included. Hence, the claim was false," Paden said.
However, he added, on Thursday morning, the same chapter announced they possessed additional code. Based on the samples they provided to the same online forum, Symantec's Information Security team investigated and confirmed they did indeed have code; but that it was 4 and 5 years old and pertained to two enterprise products, SEP 11, and SAV 10.2.
10 Million Updates Later
"While SAV 10.2 is still serviced by Symantec, it has been discontinued. SEP 11 has since evolved into SEP 12.0 and 12.1," Paden said. "This does not affect Symantec's Norton products for our consumer customers. Symantec's own network was not breached, but rather that of a third-party entity."
Symantec recommends users keep their product version updated to ensure against any new threats that might materialize as a result of this incident.
"Another thing to bear in mind: In 2010 alone, we distributed 10 million updates to our products in response to new cyber threats. If you extrapolate to four and five years, you can get an idea of how much our products/solutions/and code has evolved over the following years," Paden said. "It doesn't minimize the situation, but it helps as far as a perspective on how old this code is."
Posted: 2012-01-09 @ 8:55am PT
This is the first "complete" description of the incident I have read. While it is disturbing source code was gained from such a central security providor, it is neither shocking they were targetted or indicative of a huge exposure. It is very old code in security terms and seems to be a piece of code that by itself may be of limited or no risk. Orgs that are using current versions seem to be unaffected and those on these old or expired versions were at some risk being out of date anyway.
I would hope Symantec and others take a good hard look at restricting further who they share their code with, even old code.
Lets see if this incident can help us find anonymous though. These nuts are going to hurt someone if they are not stopped