Symantec, the makers of Norton AntiVirus, has confirmed that a hacking group has gained access to some of the security product's source code.
An Indian hacking group, calling itself the Lords of Dharmaraja, has threatened to publicly disclose the source code on the internet.
So far, there have been two claims related to Symantec's source code.
First, a document claiming to be confidential information related to Norton AntiVirus's source code was posted on Pastebin. Symantec says it has investigated the claim, and that - rather than source code - it was documentation dated from April 1999 related to an API (application programming interface) used by the product.
And secondly, the hacking group shared source code related to what appears to have been the 2006 version of Symantec's Norton AntiVirus product with journalists from Infosec Island.
Chris Paden, a Symantec spokesperson, confirmed to InfoSec Island that some of the firm's source code had been accessed:
"Symantec can confirm that a segment of its source code has been accessed. Symantec’s own network was not breached, but rather that of a third party entity."
"We are still gathering information on the details and are not in a position to provide specifics on the third party involved."
"Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec's solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time."
"Symantec can confirm that a segment of its source code used in two of our older enterprise products has been accessed, one of which has been discontinued. The code involved is four and five years old. This does not affect Symantec's Norton products for our consumer customers. Symantec's own network was not breached, but rather that of a third party entity."
"We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec's solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time."
"However, Symantec is working to develop remediation process to ensure long-term protection for our customers' information. We will communicate that process once the steps have been finalized.
Given the early stages of the investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts."It's hard not to feel sympathy for Symantec - who appear to have been caught in the crossfire between a hacking gang and the Indian authorities.
Although Symantec customers may not be at risk, it's easy to see how the software company will feel bruised by the publicity that the Lords of Dharmaraja have generated through their hack.
No comments:
Post a Comment