Hacker group threatens to release Symantec AV source code
- 07 January, 2012 01:59
Symantec is investigating an Indian hacking group's claims that it accessed source code used in the company's flagship Norton Antivirus program.
A spokesman for the company on Thursday said that one claim by the group was false, while another is still being investigated.
Meanwhile, the Indian group, which calls itself Lords of Dharmaraja, has threatened to publicly disclose the source code shortly.
On Wednesday, the group posted on Pastebin what it claimed was confidential documentation related to Norton AntiVirus source code. A review of the material showed what appears to be a description of an application programming interface (API) for Symantec's AV product.
The group also posted what it claimed was the complete source code tree file for Norton Antivirus. That document appears to have been taken down.
'Yama Tough,' the hacker who posted the documents, released at least two more on Google+ allegedly related to Symantec source code. One of the documents appears to be a detailed technical overview of Norton Anti-Virus, Quarantine Server Packaging API Specification, v1.0. The other document, from 2000, describes a Symantec Immune System Gateway Array Setup technology.
Comments posted by Yama Tough on Google+ and on Pastebin suggest that the Symantec information was accessed from Indian government servers.
"As of now we start sharing with all our brothers and followers information from the Indian Militaty (sic) Intelligence servers, so far we have discovered within the Indian Spy Programme (sic) source codes of a dozen software companies which have signed agreements with Indian TANCS programme (sic) and CBI," Yama Tough said in one comment.
Another comment suggests that the hacking group is waiting to set up mirror sites before releasing the Symantec source code. "We are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies."
A Symantec spokesman today said that the hacking group has so far made two claims with regard to Symantec source code. One claim made yesterday has already been looked into, the spokesman said. "We investigated that and found that to not be true," the spokesman said. "It wasn't source code. It was a document from April 28, 1999 defining the Application Programming Interface (API) for the Definition Generation Service."
The document explains how the software is designed to work, but includes no actual source code, the spokesman said.
"However, a second claim has been made by the same group regarding additional source code and we're currently investigating that," he said. "For that one, we don't have any information to provide as of yet," the spokesman said.
Rob Rachwald, director of security strategy at security vendor Imperva, said it is hard to know what to make of the hacking group's claims.
"We don't know how much of this is chest thumping" on the part of the hackers, Rachwald said. The source code tree file posted on Pastebin suggests the group has some potentially useful information related to Symantec's AV product, he said. "It is a good indicator, but not a perfect one."
Even if the group has managed to access Symantec's source code, it's unlikely to be very useful if the code is old, Rachwald said. "It might be useful in understanding what Symantec was trying to do" with its AV products, but little else, he said.
However, Symantec could face serious issues if the source code the hackers allege to have accessed is fresh, Rachwald added.
In that case, "Symantec will have to make some major changes" to its antivirus technology, Rachwald said. A mere patch would not be enough to address the issues created by a source code compromise.
"They would have to issue a whole body cast, not a patch," he said. "They will have to reissue the product in some format and that could be very problematic for them."
Competitors could also benefit from a Symantec source code leak because it would give them an unprecedented glimpse into how the software works, he said.
Rachwald said it's likely the Indian hackers obtained the source code from an Indian government server. Often, software companies such as Symantec are required to submit their source code to government bodies to prove they are not spying on the government, he said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.