Symantec Confirms Hackers Breached Network in 2006

Symantec spokesman Cris Paden said on Tuesday that unknown hackers breached its network back in 2006 and obtained the source code to Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere. The news follows the release of Symantec's Norton Utilities source code on Friday by a hacker associated with Anonymous and Lords of Dharmaraja.

Previously Symantec said that some of its code had been lifted from the server of a third party, but after a thorough investigation, the security firm has discovered that its network had indeed been compromised after all. The only real threat at this time resides with customers using pcAnywhere, Symantec's software that facilitates remote access of PCs.

"Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information," the company reports.

The story regarding Symantec's leaked source code began just after the new year when hacker group Lords of Dharmaraja threatened to release the source code to Norton Antivirus. The group's original threat posted on Pastebin is now gone, but a Google cached version claims that the source code was retrieved during a hack of India's military and intelligence servers.

"As of now we start sharing with all our brothers and followers information from the Indian Military Intelligence servers, so far we have discovered within the Indian Spy Programme source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI," the group stated.

Later Symantec admitted that it had previously handed over the source code of its products to comply with Indian government requirements, so that officials could make sure the software didn't contain spyware or other malicious programs. Save for the firm's current caution with pcAnywhere as revealed on Tuesday, Symantec wasn't too worried about a possible code leak given the stolen software is six years old.

Yet that very factor may be why Lords of Dharmaraja and Yama Tough held back from releasing the Norton Antivirus source code on Tuesday. According to a Twitter post by Tough, they have decided not to go public with the 1.7 GB of source code "until we get full of it."

"1st we'll own evrthn we can by 0din' the sym code & pour mayhem," he said via Twitter.

There's speculation that Tough is referring to "zero daying," meaning that a surprise attack on the software could be in the works instead of an actual code release.

  • Inferno1217
    2006 and they are just now admitting this? I always steer clear of Symantec products. There are far better solutions out for consumers.
  • house70
    Yes, a company that admits to a security breach "only" about 6 years later sounds very trustworthy...
  • cryogenic
    Goodbye Symantec, it was nice knowing you! (sarcasm)
  • svdb
    That's right, it's far better to trust all your sensitive data to an AV/FW made by a small company in the Czech Republic! ;)
  • jprahman
    @jacekring Keep in mind that this hacker group is based in India, and English probably isn't their 1st language, so I wouldn't doubt their intelligence just because of their English skills. And BTW, it's script kiddie, not tool boy.
  • captaincharisma
    Symantec proving once again why they are one of the worst computer companies ever. If anyone thinks Norton is better than the rest then you obviously never tried anything else and are just ignorant.
  • freggo
    "The only real threat at this time resides with customers using pcAnywhere"

    Good to know that only their "PC remote access" software may be compromised.
    Some security company you've got there, boys :-)

    /SARCASM


  • Dacatak
    This is worrisome considering Symantec now owns VeriSign.
  • cyberscan
    The only Norton product that I use is Norton Power Eraser. This piece of software is excellent for the one time removal of malware such as rootkits. Have not needed to use this except on computers people bring to me to fix.

    I use an old computer I purchased for about $20 as a firewall. ClamAV, HAVP, P3Scan, along with iptables provide my network with real-time antivirus protection. In addition, I run Microsoft Security Essentials on each of the Windows boxen that are located behind the firewall. So far, there has not been any problem with this setup. However, I can also run Malwarebytes Antimalware on any computer on which I suspect malware. HAVP is configured to block all executables from being downloaded with the exception of update software. If anyone in my family wants to download software, I can do it for them after I check out the software to make sure that it is not malware.

    In addition, I perform regular Java, Flash, and Acrobat Reader software updates. I also disable Javascript in the Adobe pdf reader software. In addition, I recommend people use (Google) Chrome or Firefox as their default browser and Thunderbird for their email client.

    As a published author with three decades of I.T. experience, I do have to say that properly configured computers running free software are more secure than those where the owners depend on the latest whiz bang and expensive software to protect.
  • tlmck
    Should I be worried? I mean it happened so recently. :lol: