View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 6, 2012updated 22 Aug 2016 10:51am

Symantec confirms Norton AV code theft

Code relates to two older enterprise products; experts suggest no real damage done

By Steve Evans

Security giant Symantec has confirmed that elements of its source code have been stolen by hackers that accessed servers belonging to the Indian military.

Symantec said the code, which relates to its Norton antivirus product, is from two older enterprise products, one of which is no longer in use. It will not affect consumer customers, Symantec said.

A hacking group calling itself The Lords of Dharmaraja claimed on Pastebin that it had accessed the code and would publish it online. The post has since been deleted but is still available via Google cache.

Symantec’s statement acknowledges the third-party breach. "We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication the code disclosure impacts the functionality or security of Symantec’s solutions. Symantec’s own network was not breached, but rather that of a third party entity," it reads.

The statement added that Symantec believes no customer data is at risk. "Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time."

Fellow security companies have come out in support of Symantec, claiming the theft of source code is not a huge disaster, but that damage could be done to Symantec’s reputation.

"If the rumours turn out to be true, the implications of the anti-virus code leakage will not keep the Symantec folks awake too late at night, and certainly not their customers," wrote Imperva’s Rob Rachwald on the company blog.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

"There isn’t much hackers can learn from the code which they hadn’t known before. Why? Most of the anti-virus product is based on attack signatures. By basing defences on signatures, malware authors continuously write malware to evade signature detection," he added.

"Further, malware versions continuously evolve in such a rate where signatures cannot keep up with them in the first place. The workings of most of the anti-virus’ algorithms have also been studied already by hackers in order to write the malware that defeats them. A key benefit of having the source code could be in the hands of the competitors," wrote Rachwald.

Graham Cluley of Sophos agreed, saying that the company is paying for a hacking group’s issues with the Indian government: "Even if it was up-to-date source code, it may be of limited use to hackers and be used more as a "trophy scalp" for a hacking group attending to generate publicity for its grievances with the Indian authorities."

"It’s hard not to feel sympathy for Symantec – who appear to have been caught in the crossfire between a hacking gang and the Indian authorities. Although Symantec customers may not be at risk, it’s easy to see how the software company will feel bruised by the publicity that the Lords of Dharmaraja have generated through their hack," he wrote.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU