Hackers Get Symantec Anti-Virus Source Code

Symantec has confirmed that hackers obtained source code to two of its enterprise security products and have released portions of it on the web, portending a worst-case scenario where its security software could be perused by hackers to devise ways to circumvent it.

“Symantec can confirm that a segment of its source code has been accessed,” the company said in a statement released Friday. “Symantec’s own network was not breached, but rather that of a third party entity.”

A hacker group calling itself the Lords of Dharmaraja claimed it uncovered the source code on servers belonging to India’s military intelligence agency.

“We have discovered within the Indian Spy Program source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI,” the hackers claimed in a post published on Pastebin.

Symantec acknowledged that segments of source code that the hackers posted online and passed to reporters belonged to Symantec’s 2006 Endpoint Protection 11.0 and its discontinued Symantec Antivirus 10.2. Symantec’s Endpoint Protection is currently at version 12.0.

Although the products are not the most recent releases and are not the company’s flagship consumer products, if hackers obtained all of the source code and released it, it could be valuable to Symantec competitors. Hackers could also use it to search the products for vulnerabilities that may be unpatched and therefore exploitable.

Stuxnet, a sophisticated worm that sabotaged Iran’s uranium enrichment program, contained code that conducted extensive checks to determine what anti-virus products were installed on targeted machines in order to bypass them.
