Symantec Confirms Norton AV Source Code Exposed

Thursday, January 05, 2012

Anthony M. Freed


Update: Symantec Hacked in 2006? Claim Raises More Questions

Symantec now claims that the company's own networks were in fact breached back in 2006, leading to the loss of proprietary product data: "investigation into the matter had revealed that the company's networks had indeed been compromised"...

*   *   *

Update:  Hacker to Release Symantec's PCAnywhere Source Code

"YamaTough, spokesperson for the hacktivist group “The Lords of Dharmaraja”, informed Infosec Island of plans to release source code for Symantec's PCAnywhere. The release is to be made prior to the threatened exposure of the full source code for the Norton antivirus..."

*   *   *

Update: Exclusive: Interview With Hacker YamaTough

*   *   *

Infosec Island was provided with a file by an unidentified hacker going by the handle YamaTough which, after preliminary analysis, appeared to contain source code for the 2006 version of Symantec's Norton antivirus product.

Infosec Island provided Symantec with the file for analysis, which has now been completed.

Cris Paden, Sr. Manager for Corporate Communications at Symantec, emailed Infosec Island editors with the following statement concerning the exposure of source code for the company's Norton antivirus product:

"Symantec can confirm that a segment of its source code has been accessed. Symantec’s own network was not breached, but rather that of a third party entity."

"We are still gathering information on the details and are not in a position to provide specifics on the third party involved."

"Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time."

"However, Symantec is working to develop a remediation process to ensure long-term protection for our customers’ information. We will communicate that process once the steps have been finalized."

"Given the early stages of the investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts."

Though the code is for an older version of the Norton antivirus product, the impact of the exposure is still undetermined, and several questions remain:

  • Since the file provided to Infosec Island and passed on to Symantec was merely a sample of the material YamaTough claims to possess, can it be ruled out that code for more recent editions has been compromised as well?
  • What was the "third party" - presumably some entity related to the Indian government - doing in possession of the source code for the Symantec product?
  • How much information would source code from 2006 provide to malware authors, assuming the entire product has not been rewritten from scratch since that code was produced?

Symantec officials have indicated that they will provide more information as their investigation continues, and certainly more will be known if the entirety of the compromised data YamaTough claims to possess is finally released to the public, as has been threatened.

Stay tuned for more as this story develops into what could be one of the biggest data loss events of 2012, less than one week into the new year.

Yama Tougher Cris seems to be a nice fella, I wonder whether the whole board was negotiating whether to make a statement like that or not =) Any idea why they cancelled our g+ account? =)
Yama Tougher I was censored, I can prove that me iz me by making some more releze of src
Yama Tougher SpywarePlus directory from src pack - to prove my Identity. G+ deleted my account right after Tony messaged me to talk in private...
Yama Tougher a government contractor can shut up pretty much anyone...they do it coz of angst=afraid
Yama Tougher same shit experience our anonymous brotherz, I wonder when comments from ll follow?
Bobby Mann First off, Google has the right to delete based on the fact you are essentially initiating terrorist activity thus anything that violates the agreement you "signed" when you created your G+ account is grounds for deletion. Has nothing to do with Symantec, as Google just doesn't want to be part of it. By the way, that's the least of your problems. Stay tuned.
Bobby Mann Yama, you claim to have source from other companies as well. What other companies? Why target just one?
Yama Tougher Smell some poo?
Yama Tougher You know what companies we are talking about in here, am waiting for the least of my problems to follow and then deliver ok? Blame not us but blame fraking sym and others who delivered code to foreign entity they should get fraking prosecuted for doing this but of course since they all are cia they wont let it out
Bobby Mann Put up or shut up. What companies? Show some balls and give us proof that other companies are involved.
Bobby Mann No, the millions of symantec customers will blame YOU as a result of your terrorist activities. There will be no sympathy, only disdain (you know what that means, right) for you.
EH EH This is upsetting. Yama please delete all the source code you came into possession. And leave this issue into the void. Please walk away! :)
EH EH Actually, what I told wouldn't be a good idea. You have shown the world where from they can get the source code too.
dingo mybaby Since it was six year old code for SEP and SAV it seems like it was just a lucky find on an out of date server - no other material has been shown so its not much of a scalp...
neero 2007 Yama's list included files with names fprot.CAinnoculate. mcafee etc.. Does that mean NAV was using their source codes too ?? :P...they could have. Leaked file names were from NAV 2006 and I believe there wouldn't be much modification since!!
Commander Mukesh Saini (Retd.) I do not hold a brief for the government of India but I have received inputs that the above letter is not only fake but an attempt to cause misunderstanding between India and the US (and I add that collateral fire may hit China). Some of the reasons which show that the document is fake are:
(a) Despite being highly sensitive there is no security classification.
(b) Spelling mistakes show shoddy work of fraudster.
(c) Addresses are incorrect.
(d) There is no such technological, administrative and jurisdictional possibility.
(e) There are no such pacts with the named organisations/companies.
(f) The style of language and usage of phrases are not 'Indian' but 'US'.
Bobby Mann Agreed. Fake. This smells...