Symantec has confirmed that hackers have stolen a segment of its source code for its Norton anti-virus software, but says the stolen code is from two older enterprise products, one of which has been discontinued.
“The code involved is four and five years old. This does not affect Symantec's Norton products for our consumer customers,” the company said in a statement.
A hacker group, which calls itself the Lords of Dharmaraja, posted a file on Pastebin that it said described the confidential workings of Symantec’s Norton Antivirus threat-detection product, and threatened to release the source code, according to the New York Times.
In the post, which has since been removed, the hackers claimed to have discovered Symantec’s source code in a hack they conducted on India’s military and intelligence servers. Many governments do require source code from suppliers to prove the software is not spyware.
Symantec confirmed that a third party had been breached, but said it was still gathering information on the details and was not in a position to provide specifics on the third party involved.
“Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec's solutions,” Symantec said in a statement.
The company said there are no indications that customer information has been impacted or exposed, but Symantec is working to develop a remediation process to ensure long-term protection for customers' information.
The New York Times suggests that the stolen documentation, and any source code, could be exploited by hackers to corrupt the antivirus program or write malicious code that circumvents Norton’s product altogether, but security expert Amichai Shulman disagrees.
“Code leakage will not keep the Symantec folks awake too late at night, and certainly not their customers,” he says.
According to Shulman, chief technology officer at Imperva, there is not much new hackers can learn from the code.
“Most of the anti-virus product is based on attack signatures. By basing defences on signatures, malware authors continuously write malware to evade signature detection,” he said.
As noted in Imperva’s blog on the Black Hole Exploit, only 30% of AV would have been effective, said Shulman, as malware versions continuously evolve at such a rate that signatures cannot keep up with them.
“The workings of most of the anti-virus’ algorithms have also been studied already by hackers in order to write the malware that defeats them,” he said.
According to Shulman, Symantec competitors are the most likely ones to benefit from having the source. Hackers would be able to exploit the actual program only if the source code is recent and they can find serious vulnerabilities, he said.