Symantec: Breach Led to Source Code LeakHackers Back Off Threat to Reveal Code, for Now
Hackers apparently did not follow through on a threat to release on Tuesday a 6-year-old source code of Symantec's Norton antivirus software. Also Tuesday, Symantec admitted the theft of the source code resulted from a breach of its computer systems, a fact it had earlier denied.
See Also: The 5 Foundational DevOps Practices
"We've decided not to release code to the public until we get full of it =) 1st we'll own evrthn we can by 0din' the sym code & pour mayhem," according to a posting on Twitter with the moniker YamaTough, who claims to be a member of the hacking group known as The Lords of Dharmaraja.
"0din" might stand for the term "zero-daying" referring to attacks that exploit computer application vulnerabilities that are unknown to the application developer.
In a blog posting on Jan. 6, Symantec said it was investigating claims by The Lords of Dharmaraja that it had stolen Symantec source code and documentation from the servers of Indian intelligence agencies, along with intellectual property from other software companies that have contracts with the Indian government.
According to a Reuters report on Tuesday, Symantec said a 2006 breach led to the theft of the source code to its flagship Norton security software, reversing its previous position that it had not been hacked.
A Symantec spokesman told the news service that the unknown hackers obtained the source code to Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere.
The 6-year-old attack presented no threat to customers using the most recent versions of Symantec's software, the spokesman told Reuters, adding: "They are protected against any type of cyberattack that might materialize as a result of this code."
Still, one expert said hackers could use the old source code to work out ways to beat protections built into newer software.