Hackers threaten to release Symantec source code tomorrow

Source: CNET

The hackers, who call themselves “Yama Tough” and employ the “Anonymous” mask in its Twitter avatar, said in a tweet Saturday it would release the 1.7GB source code on Tuesday, along with the message “the rest will follow…”

Several reports surfaced earlier this month that hackers had managed to access the source code for certain Symantec products. Symantec identified the products as Symantec Endpoint Protection (SEP) 11.0 and Symantec Antivirus 10.2 but said the attack did not affect any current Norton consumer products.

The hackers said they found the code after breaking into servers run by Indian military intelligence. The code was apparently left on there by mistake after Indian authorities inspected the sourced code to ensure it was secure, which is where the hackers found the code.

The group said in a Pastebin post that it had the “source codes of dozens of companies” and contained documentation describing the API procedures for Symantec’s virus definition generation service. The group’s post on the Pastebin site has since been removed, though a Google cached version still exists.

Symantec said in a statement to CNET sister site ZDNet that code posted to Pastebin was related to a 2006 version and is “no longer sold or supported.”

“The current version of Norton Utilities has been completely rebuilt and shares no common code with Norton Utilities 2006. The code that has been posted for the 2006 version poses no security threat to users of the current version of Norton Utilities,” the company said in a statement.

Rob Rachwald, director of security strategy at Imperva, told CNET’s Lance Whitney that the incident was “embarrassing on Symantec’s part” but not likely to “keep the Symantec folks awake too late at night, and certainly not their customers.”

If the source code had been recent and the hackers were able to poke enough holes in it, then exploiting the software could be possible, noted Rachwald. But there’s not much they can learn from old code.