Indian hacker lords have Symantec antivirus code

Jan 07, 2012 by Nancy Owano report

(PhysOrg.com) -- An Indian hacker group called The Lords of Dharmaraja has laid claim to Symantec’s antivirus software code. Symantec, confirming the theft in an e-mail posted Friday, said the chunk of pilfered code was stolen from a third party, was old, and that its own network had not been breached. The group had announced they got the code and confidential information. "Symantec can confirm that a segment of its source code used in two of our older enterprise products has been accessed, one of which has been discontinued," according to a spokesman for Symantec.

The stolen code is four to five years old and the Mountain View, California, company stressed that the there were no signs that customer information had been tampered with, and they stated that their own security networks had not been breached.

The Lords of Dharmaraja say they took the files from Indian military intelligence servers.

A hacker from the group, Yama Tough, provided security site Infosec Island with files that appeared to contain from the 2006 version of Norton Antivirus. The site passed the code on to Symantec, which confirmed that the code was genuine. Symantec also pointed out that the exposed source code corresponded to its enterprise products.

Outside Symantec, reports said that the hackers gained access to source code related to Symantec Endpoint Protection (SEP) 11.0 and Symantec Antivirus 10.2; both were reportedly sitting on the Indian military servers. The Symantec Antivirus 10.2 was five years old and was discontinued but, according to Reuters, is still being serviced. SEP 11.0, utilized to block outgoing data from being leaked, was four years old and had been updated regularly since.

Security experts outside the company appear to concur with Symantec that the incident is unwelcome but not catastrophic. Fundamentally, the reaction was that there was not much the hackers could do with what they got.

“As someone who worked in the industry, I don't see a tremendous security risk to the source code release itself,” said contributor Kevin McAleavey, architect of the KNOS secure operating system and antimalware researcher, in Infosec Island.

He said the code was pre-Vista, was not 64-bit compatible, and the newer safe functions were not in use. Looking the code over, he concluded that it was indeed “genuine source code from an ancient version of their antivirus,” but at the same time could only be looked upon “by us antimalware coders as a museum exhibit, not an actual threat."

While security watchers did not see any serious consumer risks, the question being asked is, whether it is trophy, museum piece, or act of breach, however termed, but at what enterprise-business price? Analysts say that any hacker publicity involving a security software company can never be an easy ride for the affected vendor.

Explore further: Software provides a clear overview in long documents

Related Stories

Recommended for you

Chinese smartphone makers win as market swells

5 hours ago

Chinese smartphone makers racked up big gains as the global market for Internet-linked handsets grew to record levels in the second quarter, International Data Corp said Tuesday.

Full appeals court upholds labels on meat packages

5 hours ago

(AP)—A federal appeals court has upheld new government rules that require labels on packaged steaks, ribs and other cuts of meat to say where the animals were born, raised and slaughtered.

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

btb101
Jan 07, 2012
This comment has been removed by a moderator.
gwrede
2 / 5 (3) Jan 07, 2012
Well, if nothing else, we will at least see a profound change in how "virus" software and antivirus software will compete in the next few years.

While earlier the competition and staple action was between viruses and anti-virus products, we now will increasingly see the action and battle of anarchist groups vs the establishment in headlines. Personally, I believe that there will be a proliferation of whistle-blower sites, a-groups aspiring for global fame for their "robin-hoodian" endeavours, the old anti-virus companies trying to establish a foothold in the new environment, and young people living and embracing this new environment before we older folks even understand there's been a change.
Argiod
1.8 / 5 (4) Jan 08, 2012
...old code or not, this shows that somebody got past Symantec's current A/V software to get at it...
So, if Symantec cannot effectively keep hackers out if IT'S files... how well will their software protect OUR systems?
Manhar
1 / 5 (1) Feb 14, 2012
It is surprising that Indian hackers reached to this stage. India is heavily corrupted country and these hackers can be brought to trial easily. However along with name Dharmaraja in to bracket DAVID should have clarifid the meaning of the name.