Update: File Appears to Contain 2006 Norton AV Source Code

Thursday, January 05, 2012

Anthony M. Freed

6d117b57d55f63febe392e40a478011f

Update: Symantec Hacked in 2006? Claim Raises More Questions

Symantec now claims that the company's own networks were in fact breached back in 2006, leading to the loss of proprietary product data: "...an investigation into the matter had revealed that the company's networks had indeed been compromised"...

*   *   *

Update:  Hacker to Release Symantec's PCAnywhere Source Code

"YamaTough, spokesperson for the hacktivist group “The Lords of Dharmaraja”, informed Infosec Island of plans to release source code for Symantec's PCAnywhere. The release is to be made prior to the threatened exposure of the full source code for the Norton antivirus..."

*   *   *

Update: Exclusive: Interview With Hacker YamaTough

*   *   *

Update: Symantec Confirms Source Norton AV Code Exposed

*   *   *

Update: Infosec Island has been provided with a file that, after preliminary analysis, appears to contain source code for the 2006 version of Symantec's Norton antivirus product.

Infosec Island has provided Symantec with the file and are awaiting their analysis. We will not be releasing the file due to the sensitive nature of the information contained therein.

We will list the developers' usernames that were included in the file, which are as follows:

  • CEATON
  • tcashin
  • rchinta
  • DBuches
  • MDUNN
  • DSACKIN
  • KSACKIN
  • TIVANOV
  • BGERHAR

In all likelihood, the group who provided us with the data will probably be releasing the material soon. Also, YamaTough's Google+ page now displays a 404 message.

Stay tuned for more updates.

*   *   *

Cris Paden, Sr. Manager for Corporate Communications at Symantec, submitted the following statement in the comments section of our article on the alleged breach of the company's source code for the Norton AV product:

"Cris Paden with Symantec. Be advsied we investigated the original claim that NAV source code had been exposed and found it to the be false. The information posted was actually a document from 1999 explaining how the software worked, but did not include any actual source code. FYI."

Infosec Island contacted Paden at the Symantec company email address provided in his member profile with a request to confirm the validity of this comment, and also to ask for further details on the alleged breach.

Paden replied as follows:

Hi Anthony. Definitely me.  To clarify, there were two claims made actually.  The first claim was made yesterday, and we found that to be a 1999 document on how the software works.  However, there were subsequent claims made about 3 hours ago that we’re investigating now.  In a situation like this, it’s important to stick to the facts, so I don’t want to speculate.  But I can confirm that the first claim turned out to be inaccurate.

What they’ve posted since on your site may pertain to the second claim, but we’re just not sure yet.

Does that help?

Thank you for checking with me. Very kind of you.  Really appreciate it.

Cris

Meanwhile, Infosec Island Managing Editor Anthony M. Freed had a brief exchange with YamaTough, an unknown entity who claims to be involved in the alleged breach and who has subsequently made posts on Google+ with information supposedly obtained in the hack.

ANTHONY M. FREED  -  Thanks - so first question would be when will you release the Norton source code?

Yama Tough  -  As soon as we r over with the blockade we experience from Indian and US LE and Intel, since the issue not really in Symantec but In fact that India is spying on USCHINA ECON SEC commission (example William Reinsch Larry Wartzel, Dan Slane, Michael Dannis etc emails) we think since they are former CIA US and India block our mirrors and we have many of our brothers now under search and ceizure warrants pending Symantec is not a big deal they just happened to sign an agreement with Indian MI thats all the deal is what kind of stuff we;ve owneed by owneeing MEA servers...we expect to publish by 10th -16th this month.

ANTHONY M. FREED  -  Next, who exactly was breached in order to obtain the Norton source code?

Yama Tough  -  you want proofs tell me wich file you want from the list I give it to ya.

ANTHONY M. FREED  -  Why release it at all - what kind of statement are you trying to make?

Yama Tough  -  Our goal is Bharti Mittal go off politacl arena and stop manipulating our government India bought the right to spy on people worldwide by getting src from all major sft mnfctrs wegot many things to say so...

YamaTough then left a comment on a Google+ thread related to the original article we posted on the alleged breach, stating:

Tony we are uploading a tiny portion of the code send it to Symantec lolz for analysis and ask them not to deny upcoming mayhem =) The more they refuse to acknowledge the more shit pours on them ... We hate when Corporations lie - and ask them what right they had to transfer src to Indian fking Intel ? Awaiting comments from Bill Reinsch of NFTC and Michael Danis of USCC.GOV on the issue...

Update 1:

We sent the comment to Paden and are now awaiting a reply. Since then YamaTough has sent us links to a Pastbin post and photos of documents on Imgur stating they show the "origin of all":

Call me Blane since ai got no time to bleed but I shall 4 u only http://imgur.com/a/8XoGf http://pastebin.com/0U4dWcUX origin of all

Update 2:

We have been provided with a link to a download purported to be a sample of the source code. We have provided the link to Symantec who is in the process of analyzing it.

Paden relayed to us via email that they have only officially denied the first claim made by the alleged hackers, and are currently investigating the second claim and the data sent to them by Infosec Island.

Paden stated the following:

“Symantec is still analyzing information on subsequent claims of our source code being disclosed.  The first claim pertained to having Norton Antivirus code; however, our investigation confirmed it was a document from 12 years ago saying how the solution worked.  As for the second claim of additional code, we cannot confirm or deny the those claims as we are still analyzing the information.”

More updates to come...

Possibly Related Articles:
16328
Breaches
Antivirus Symantec hackers Norton breach Source Code The Lords of Dharmaraja Cris Paden YamaTough
Post Rating I Like this!
924ce315203c17e05d9e04b59648a942
Richard Stiennon Great work Anthony. Keep it coming. I detect that YamaTough believes the Symantec source code is secondary to their hack of India's MoD. Certainly within intel circles the revelation of intercepted emails of the U.S.-CHINA ECONOMIC AND SECURITY REVIEW COMMISSION by India (as revealed in the img.ur files) is going to shake things up a bit. Perhaps not even the spying but the lack of security that allowed the theft and subsequent posting.
1325807144
A762974cfbb0a2faea96f364d653cbc6
Michael Menefee from what I can gather from the currently-deleted google+ chat messages between InfosecIsland and YamaTough, he/she/they are not claiming responsibility for hacking into symantec...what they have said and provided though, does indicate that a leak of Symantec's source code is out there and not accounted for.
1325812453
Default-avatar
Bobby Mann Here's a GREAT reason why you should NEVER outsource your development to scumbag countries like india and china. Non-disclosures, contracts and security in general mean nothing there. lesson learned.
1325815775
924ce315203c17e05d9e04b59648a942
Richard Stiennon Bobby: It is apparent that this is NOT an outsourcing issue. From other leaked docs it appears that the Indian government is requiring source code from vendors and access to phone hardware in order to eavesdrop.
1325816261
Default-avatar
jassica john Always be prepared to ask everyone at help in to assistance. When you give upward when issues cannot seem to be operating, you will be squandering everything you’ve put in to this thus far.
http://www.sinkorswimphiladelphia.com
1393233708
Default-avatar
jassica john A business model many people incorporate are mlm. Ones model basically pays workers when commission when it comes to marketing they generate and also for the new employees which they hire.
http://www.mskqmz.com
1393502428
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.