How India Steals US Technology? Symantec’s source code compromised on India’s military and intelligence servers

A hacker group calling itself the Lords of Dharmaraja claims to have discovered Symantec’s source code in a hack it conducted on India’s military and intelligence servers. In a post on Wednesday on the bulletin board Pastebin, the hackers wrote, “We have discovered within the Indian Spy Program source codes of a dozen software companies,” which they said had signed agreements with an Indian defense program and its Central Bureau of Investigation.

Symantec confirms hackers stole Norton source code

Friday 06 January 2012 12:03

Symantec has confirmed that hackers have stolen a segment of its source code for its Norton anti-virus software, but says the stolen code is from two older enterprise products, one of which has been discontinued.

“The code involved is four and five years old. This does not affect Symantec’s Norton products for our consumer customers,” the company said in a statement.

Lords of Dharmaraja, an Indian industrial espionage group, “described the confidential workings of Symantec’s Norton Antivirus threat-detection product.”

A hacker group, which calls itself the Lords of Dharmaraja, posted a file on Pastebin that it said described the confidential workings of Symantec’s Norton Antivirus threat-detection product, and threatened to release the source code, according to the New York Times.

In the post, which has since been removed, the hackers claimed to have discovered Symantec’s source code in a hack they conducted on India’s military and intelligence servers. Many governments do require source code from suppliers to prove the software is not spyware.

Symantec confirmed that a third party had been breached, but said it was still gathering information on the details and was not in a position to provide specifics on the third party involved.

“Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions,” Symantec said in a statement.

The company said there are no indications that customer information has been impacted or exposed, but Symantec is working to develop a remediation process to ensure long-term protection for customers’ information.

The New York Times suggests that the stolen documentation, and any source code, could be exploited by hackers to corrupt the antivirus program or write malicious code that circumvents Norton’s product altogether, but security expert Amichai Shulman disagrees.

“Code leakage will not keep the Symantec folks awake too late at night, and certainly not their customers,” he says.

According to Shulman, chief technology officer at Imperva, there is not much new hackers can learn from the code.

“Most of the anti-virus product is based on attack signatures. By basing defences on signatures, malware authors continuously write malware to evade signature detection,” he said.

As noted in Imperva’s blog on the Black Hole Exploit, only 30% of AV would have been effective, said Shulman, as malware versions continuously evolve at such a rate that signatures cannot keep up with them.

“The workings of most of the anti-virus’ algorithms have also been studied already by hackers in order to write the malware that defeats them,” he said.

According to Shulman, Symantec competitors are the most likely ones to benefit from having the source. Hackers would be able to exploit the actual program only if the source code is recent and they can find serious vulnerabilities, he said.
