September 29, 2016

Norton Source Code Was Stolen in 2006 According to Symantec

(LiveHacking.Com) – The hacking group calling itself “Lords of Dharmaraja” caused a stir recently when they claimed to have stolen the source code for Norton Antivirus. Symantec, the makers of Norton Antivirus, quickly denied the allegations say that the hackers had source code for for Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 which are both more than five years old. However Symantec have now acknowledged that source code for a 2006 version its Norton security products did in fact get stolen.

“Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006,” said Symantec spokesperson Cris Paden. “We believe that source code for the 2006-era versions of the following products was exposed: Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere.”

“Due to the age of the exposed source code, except as specifically noted below, Symantec customers – including those running Norton products — should not be in any increased danger of cyber attacks resulting from this incident,” he continued. “Customers of Symantec’s pcAnywhere product may face a slightly increased security risk as a result of this exposure if they do not follow general best practices. Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information.”

Affected products include:

  • Norton Antivirus Corporate Edition
  • Norton Internet Security
  • Norton SystemWorks (Norton Utilities and Norton GoBack)
  • pcAnywhere 12.0, 12.1 and 12.5
  • Symantec Endpoint Protection v11.0, which is four years old
  • Symantec AntiVirus v10.2, which is five years old code, and a product that has been discontinued

Symantec go on to say that “customers of Symantec’s pcAnywhere product may face a slightly increased security risk as a result of this exposure. Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information.”

Confusion over Lords of Dharmaraja Hackers

(LiveHacking.Com) – The hacking group calling itself “Lords of Dharmaraja” came into the spotlight a few days ago when it claimed it had a copy of the source for Norton Antivirus. Symantec, the makers of Norton Antivirus, quickly clarified the situation and confirmed that the hackers had a) only access to some API documentation and b) did have some source code, but it was for Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 which are both more than five years old.

What isn’t really appreciated is that this little known hacking group first came to the attention of authorities last year when it began posting documents including a memo that triggered a U.S. investigation into a possible cyber-attack by Indian military intelligence. It now appears as if that memo was fake, but the security breach was not.

Reuters has obtained a large digital cache what emails that were posted by the group before being taken down by sites like PasteBin. Many of these emails, which were sent between April and October of last year, were addressed to Bill Reinsch, a member of an official U.S. commission monitoring economic and cyber-security relations between the US and China. It now seems that the hackers created these memos simply to draw attention to their work, or to taint relations between India and the United States.

It is still unclear how Symantec’s source code ended up with the Lords of Dharmaraja.