Symantec Hacked in 2006? Claim Raises More Questions

Tuesday, January 17, 2012



The Symantec source code exposure saga has become even more convoluted with the latest statements attributed to the company's spokesman.

According to an article by Reuters, Symantec is now asserting that the company was hacked in 2006 and source code for several of their leading commercial and enterprise products was stolen.

"Unknown hackers obtained the source code, or blueprint for its software, to Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere, company spokesman Cris Paden told Reuters on Tuesday," the Reuters article states.

As previously reported, a hacktivist group called the  “The Lords of Dharmaraja” had claimed to have breached Indian government servers and obtained the source code for Symantec's products, as well as those of several mobile device manufacturers.

Infosec Island was provided with a sample of Symantec's Norton antivirus code by hacktivist YamaTough, which was passed on to Symantec for analysis.

Cris Paden, Sr. Manager for Corporate Communications at Symantec confirmed that the sample was from a 2006 version of the company's Norton antivirus product, but maintained that the code was not stolen from Symantec's networks, which aligned with the hacktivist's claims.

"Symantec can confirm that a segment of its source code has been accessed.  Symantec’s own network was not breached, but rather that of a third party entity. We are still gathering information on the details and are not in a position to provide specifics on the third party involved," Paden told Infosec Island.

Symantec and several other companies refuted the hacktivist's assertions that the source code had been voluntarily provided to the Indian government to assist with civil monitoring activities in exchange for guarenteed market share.

According to the Reuters report, Symantec now claims that the company's own networks were in fact breached back in 2006, leading to the loss of the proprietary product data.

"Paden said in an email on Tuesday that an investigation into the matter had revealed that the company's networks had indeed been compromised," Reuters reports.

The new claim still leaves many elements of the dataloss event unanswered, as well as raising some other serious questions.

First, Symantec's explantion does not explain how the hacktivists would have come into possession of the source code for several other companies, as they have claimed, nor does it shed any light on why the revelations about the exposure of the Symantec source code did not materialize until six years later.

It also would not explain why the same group of hacktivists were in possession of dozens of usernames and passwords for highly sensitive US government networks. Infosec Island provided that information to the proper authorities and are fully cooperating with the investigation.

And, assuming Symantec employs their own enterprise network security solutions to protect the company's own systems, why did it take so long to uncover an intrusion event of this magnitude?

Does this not imply that Symantec's customers who were using the same security products were equally at risk of a serious network breach event in 2006? What about customers who used the products for which the source code was stolen in the event? Were they not at risk for the last six years?

Symantec is a good company, but any way these scenarios eventually play out, they will have a long term impact on the company's viability.

Possibly Related Articles:
Antivirus Data Loss Symantec Hacktivist hackers Norton breach Source Code The Lords of Dharmaraja Cris Paden YamaTough PCAnywhere Norton Internet Security Norton Utilities Norton GoBack
Post Rating I Like this!
Bobby Mann A little before DLP was really in play - certainly not in SYMCs portfolio. Lots of ways this could have happened - doesn't excuse it, but look at RSA. SYMC wasn't the first and unfortunately won't be the last. I hope they have made big changes to segment, authorize, secure and protect the code since this happened.
Pradeep Kadambar Symantec didn't know it was attacked for 6 years. That put a serious doubt on it's abilities and if they new then their credibility. At least RSA admitted immediately that it had a breach and what was compromised.

Compromised source is a bigger issue. As good as giving out the keys to the kingdom.
Bobby Mann Pradeep, I don't think they know. And before you go too far with how great a find this is.. I looked at the Norton Utilities archive (120MB). There are less than 50 files with dates from 2006. Most are 1995-2000. This smells like a home (ex programmer, or 3rd party programmer that had taken the archive home) system that was hacked. Perhaps a disk that wasn't properly destroyed and someone found this. There's nothing there worth even worrying about - for Norton utilities. We haven't seen evidence of newer code for anything. I doubt Symantec really even knows but has to speculate it could be bigger.
As for RSA, you are INCORRECT. They did not disclose immediately. The breach happened and then a zero-day exploit started targering RSA-protected sites. Get the facts straight. RSA only announced after the threat was already REAL. Symantec threat is still theoretical and there is no exploits yet. Give them credit for full disclosure. I'm not saing there wasn't some negligence, but they weren't the first and won't be the last. It bugs me how people pile on without having all the facts.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked