Symantec, the maker of Norton Antivirus, has long-established that a hacking collection has gained access to some of the safety product’s source code. An Indian hacking collection, vocation itself the Lords of Dharma raja, has threatened to publicly unveil the source code on the internet.
So far, there have been two claim connected to Symantec’s source code.
First, a text claim to be confidential information connected to Norton Antivirus source code was post on Pastebin. Symantec says it has investigate the claim, and that – quite than source code – it was certification dated from April 1999 related to an API (application programming interface) used by the product.
And secondly, the hacking group communal source code related to what appear to have been the 2006 version of Symantec’s Norton Antivirus product with press from Infosec Island.
A hacker called Yama Tough who appears to be acting as a representative for the gang, posted the content to Paste Bin and then published messages on Google+ about the alleged breach.
The content on PasteBin has since been uninvolved, and Yama Tough’s Google+ posts deleted. The hackers claim that it is working on creating mirror sites for its content, as it has felt pressure and censored by US and Indian administration agencies.
It’s important to underscore that there is currently no reason to believe that Symantec’s own servers have been breach.
Instead, it appears that the data seep out may have occur on Indian government servers – and the implication is that Symantec, and perhaps other software companies, may have been necessary to supply their source code to the Indian establishment.
Furthermore, it is not obvious if the source code which was access is relevant to up-to-date installations of Symantec’s anti-virus foodstuffs and thus clientele may not be at risk.
Even if it was up-to-date source code, it may be having incomplete use to hackers and be used more as a “trophy scalp” for a hacking group intending to make publicity for its grievance with the Indian establishment.
Chris Paden, a Symantec spokesperson, confirmed to InfoSec Island that some of the firm’s source code had been access:
“Symantec can confirm that a segment of its source code has been accessed. Symantec’s own network was not breached, but rather that of a third party entity.”
“We are still gathering information on the details and are not in a position to provide specifics on the third party involved.”
“Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time.”
There are some other details in a statement Symantec has posted on Facebook:
Statement posted by Symantec
“Symantec can confirm that a segment of its source code used in two of our older enterprise products has been accessed, one of which has been discontinued. The code involved is four and five years old. This does not affect Symantec’s Norton products for our consumer customers. Symantec’s own network was not breached, but rather that of a third party entity.”
“We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time.”
“However, Symantec is working to develop remediation process to ensure long-term protection for our customers’ information. We will communicate that process once the steps have been finalized. Given the early stages of the investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts.”
It’s hard not to feel sympathy for Symantec – who appear to have been caught in the crossfire between a hacking gang and the Indian authorities. Although Symantec customers may not be at risk, it’s easy to see how the software company will feel bruised by the publicity that the Lords of Dharma raja have generated through their hack.