May 2, 2024

Bits Blog: Symantec Confirms ‘Segment’ of Source Code Was Stolen

Photo: Employees at the Symantec Security Operation Center in Alexandria, Va. (Credit: Symantec)

Hackers have stolen some of the programming code for two of Symantec’s antivirus products for businesses.

A Symantec spokesman, Cris Paden, confirmed the hack in an e-mail on Friday but said the products involved, Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2, were four and five years old, respectively. Symantec no longer sells the latter product, but does continue to service it. Mr. Paden said the hack does not affect the company’s flagship Norton brand consumer products.

“We have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions,” Mr. Paden wrote in an e-mail. “Symantec is working to develop remediation process to ensure long-term protection for our customers’ information.”

Source code can be exploited by competitors, or used by hackers to corrupt antivirus products or write malicious code that circumvents those products altogether. But the age of the products involved could limit the damage.

“If this code is four or five years old, it is likely it has evolved quite a bit,” says Robert Rachwald, director of security strategy at Imperva, an Internet security company. “That said, if there are any core functions that have not evolved, then hackers could take a look at Symantec’s source code and find ways to manipulate it.”

A hacker group calling itself the Lords of Dharmaraja claims to have discovered Symantec’s source code in a hack it conducted on India’s military and intelligence servers. In a post on Wednesday on the bulletin board Pastebin, the hackers wrote, “We have discovered within the Indian Spy Program source codes of a dozen software companies,” which they said had signed agreements with an Indian defense program and its Central Bureau of Investigation.

The original post, which is no longer on Pastebin but is still available through a Google cache, contained a document bearing a 1999 date that described how Symantec software was intended to work but did not contain any code. The hackers later posted a second file on Pastebin, which is no longer available, that Symantec confirmed contained a “segment” of the source code for the enterprise products.

“This does not happen very often,” Mr. Rachwald of Imperva said. “Source code is a company’s crown jewels. Most companies put lots of locks and chains around it.”
