December 11, 2016

Norton Source Code Was Stolen in 2006 According to Symantec

(LiveHacking.Com) – The hacking group calling itself “Lords of Dharmaraja” caused a stir recently when they claimed to have stolen the source code for Norton Antivirus. Symantec, the makers of Norton Antivirus, quickly denied the allegations say that the hackers had source code for for Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 which are both more than five years old. However Symantec have now acknowledged that source code for a 2006 version its Norton security products did in fact get stolen.

“Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006,” said Symantec spokesperson Cris Paden. “We believe that source code for the 2006-era versions of the following products was exposed: Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere.”

“Due to the age of the exposed source code, except as specifically noted below, Symantec customers – including those running Norton products — should not be in any increased danger of cyber attacks resulting from this incident,” he continued. “Customers of Symantec’s pcAnywhere product may face a slightly increased security risk as a result of this exposure if they do not follow general best practices. Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information.”

Affected products include:

  • Norton Antivirus Corporate Edition
  • Norton Internet Security
  • Norton SystemWorks (Norton Utilities and Norton GoBack)
  • pcAnywhere 12.0, 12.1 and 12.5
  • Symantec Endpoint Protection v11.0, which is four years old
  • Symantec AntiVirus v10.2, which is five years old code, and a product that has been discontinued

Symantec go on to say that “customers of Symantec’s pcAnywhere product may face a slightly increased security risk as a result of this exposure. Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information.”

Confusion over Lords of Dharmaraja Hackers

(LiveHacking.Com) – The hacking group calling itself “Lords of Dharmaraja” came into the spotlight a few days ago when it claimed it had a copy of the source for Norton Antivirus. Symantec, the makers of Norton Antivirus, quickly clarified the situation and confirmed that the hackers had a) only access to some API documentation and b) did have some source code, but it was for Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 which are both more than five years old.

What isn’t really appreciated is that this little known hacking group first came to the attention of authorities last year when it began posting documents including a memo that triggered a U.S. investigation into a possible cyber-attack by Indian military intelligence. It now appears as if that memo was fake, but the security breach was not.

Reuters has obtained a large digital cache what emails that were posted by the group before being taken down by sites like PasteBin. Many of these emails, which were sent between April and October of last year, were addressed to Bill Reinsch, a member of an official U.S. commission monitoring economic and cyber-security relations between the US and China. It now seems that the hackers created these memos simply to draw attention to their work, or to taint relations between India and the United States.

It is still unclear how Symantec’s source code ended up with the Lords of Dharmaraja.

Hackers Steal Source Code to Norton AntiVirus?

(LiveHacking.Com) – Symantec, the company behind Norton AntiVirus, has confirmed that a group of hackers has stolen portions of source code for two of its security products. The hackers, who call themselves The Lords of Dharmaraja, have posted at least twice to Pastebin claiming to have access to the source code for Norton Antivirus:

“Now we release confidential documentation we encountered of Symantec corporation and it’s Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies.”

But according to a statement released from Symantec the information released is just a document from 1999, that describes an application programming interface (API) for the virus Definition Generation Service. “This document explains how the software is designed to work (what inputs are accepted and what outputs are generated) and contains function names, but there is no actual source code present,” Cris Paden, senior manager of corporate communication for Symantec told SecurityWeek.

Both posts have now been removed from Pastebin, which is quite unusual as it is normally a safe haven for hackers to post anything from stolen credit card numbers to cracked passwords.

The latest news from from Symantec, via SecurityWeek, is that the products in question are Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2, and not any of its consumer products under the “Norton” branded. Further in a statement relased on Facebook Symantec said “The code involved is four and five years old. This does not affect Symantec’s Norton products for our consumer customers. Symantec’s own network was not breached, but rather that of a third party entity.”

Many governments require companies such as Symantec to submit their source code for inspection to prove they are not spying on the government. This is where the hackers could have got hold of the code. Comments posted by Yama Tough on Google+ and Pastebin seem to confirm this idea in that they suggest that the Symantec code was taken from an Indian government server.