Symantec confirms product source code theft


Symantec today confirmed some of its source code relating to two of its "older enterprise products" has been stolen.

One of the products has been discontinued and the other remains active, but Symantec would not say which products were affected.

The code is four and five years old, the security giant said, and does not affect Norton products for consumers.

"Symantec's own network was not breached, but rather that of a third party entity. We are still gathering information on the details and are not in a position to provide specifics on the third party involved," a spokesperson told IT Pro.

"Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec's solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time. However, Symantec is working to develop a remediation process to ensure long-term protection for our customers' information. We will communicate that process once the steps have been finalised."

Symantec said it had no further details to disclose at the time but will provide updates as it confirms "additional facts."

Reports about a source code leak emerged earlier this week, following a post on Pastebin claiming source code for Norton Antivirus was stolen. However, the claims turned out to be false.

That post contained a document from 28 April 1999 defining the Application Programming Interface (API) for the Definition Generation Service. "This document explains how the software is designed to work (what inputs are accepted and what outputs are generated) and contains function names, but there is no actual source code present," Symantec's senior manager for corporate communications Cris Paden said yesterday evening.

However, the same group behind that posting made a second claim about additional source code.

Then this morning Symantec confirmed certain source code relating to its products had been accessed.

Hackers calling themselves The Lords of Dharmaraja threatened to publish the information online, a Google cache of a Pastebin post showed.

They claimed to have acquired the information from the Indian military.

"We are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies," the message read.

Rob Rachwald, director of security for Imperva, noted that many governments require source code from vendors to prove software isn't spyware.

Although the source code leak would be "quite embarrassing on Symantec's part," it should not cause major security concerns for customers, Rachwald said.

"The workings of most of the anti-virus' algorithms have also been studied already by hackers in order to write the malware that defeats them. A key benefit of having the source code could be in the hands of the competitors," he added in a blog post.

"If the source code is recent and hackers find serious vulnerabilities, it could be possible to exploit the actual anti-virus program itself. But that is a big if and no one but Symantec knows what types of weaknesses hackers could find."

Tom Brewster
