Symantec: The Inconvenient Truth Behind the Data Breach

Tuesday, January 17, 2012

Pierluigi Paganini


(Translated from the original Italian)

Do you remember the case of Symantec and the theft of the source code of some of its products by an Indian group of hackers called The Lords of Dharmaraja?

On that occasion, Symantec officials declared that the source code for its products had been stolen in a successful attack on a third party.

The Lords of Dharmaraja said they obtained the data from the network of the Indian Military, which had the code thanks to an agreement with the manufacturer.

Last week, the hackers released the source code for the 2006 version of Norton Utilities and said they planned to release the code for the Norton antivirus software. It was not clear why the source code was being released six years after the theft.

Source code is full of surprises and rich in useful information, including the developers' comments, which share details on the design of their software.

The immediate reply by Symantec pointed out some specific information:

  • The stolen source code dated from 2006.
  • The code disclosure has no impact on current software versions.
  • The internal Symantec network was not accessed by hackers.

The news of the day is the admission that the company's internal network was compromised after all. The news, as you can imagine, raises disturbing questions, first of all about the veracity of the statements made in the aftermath of the incident.

The company had previously described a completely different scenario, so why would it wait this long before making this new admission? Could it be that the announced release of the stolen software could reveal other inconvenient truths that have forced the company to come clean?

Particularly disturbing is the announcement of the list of affected Symantec products. Initially, Symantec spokesman Cris Paden said the hackers had stolen only the source code of Symantec Endpoint Protection 11.0 and Symantec AntiVirus 10.2, minimizing the seriousness of the breach.

The situation has now changed again: the same Paden today admits that the source code of Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and PCAnywhere had been stolen. Some of these products are available on the market today, which means that there could be an impact on customers.

Source code for products like the famous Norton antivirus and Symantec PCAnywhere, the world’s leading remote access software solution, will be exposed, according to the statements of the hacker "Yama Tough", a member of a gang calling itself "Lords of Dharmaraja".

"Symantec is currently in the process of reaching out to our PCAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information," Paden said.

Symantec now admits that the source code had been stolen in an unnoticed hacking attack in 2006, exactly six years ago. But consumers have to wonder how the company handled the situation and why it was made public only today. What is the real impact on the safety of the products sold in these years?

At a time marked by an increase in cyber attacks on governments and private companies, one has to ask in whose hands the code has really ended up and for what purposes it may have been used.

I assume that the situation can still surprise us; I can only hope that an unseemly silence will not cover an inconvenient truth in the name of money.

References

http://www.reuters.com/article/2012/01/17/us-symantec-hackers-idUSTRE80G1DX20120117

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
