Breach, Data Security, Vulnerability Management

Hackers say they have Symantec’s Norton AV source code

Hackers, possibly from India, claim they have lifted the source code for Symantec's Norton AntiVirus product, and are planning to post it.

A cyber gang calling itself "The Lords of Dharmaraja" promised to release the entire source code, but first issued what they said was a sneak peak, according to a Pastebin document, which has since been removed.The group said it stole the data by infiltrating servers belonging to an Indian military intelligence agency.

However, a Symantec spokesman said the document didn't include any proprietary programming language.

"It wasn't source code," Symantec's Cris Paden said Thursday evening in an email to SCMagazine.com. "It was a document from April 28, 1999 defining the application programming interface for [Symantec's virus] definition generation service. This document explains how the software is designed to work and contains function names, but there is no actual source code present."

That said, Symantec is reviewing this information to determine what impact its exposure may have.

But the hacker group, which said it discovered source code belonging to a dozen software companies according to a separate Pastebin document (cached here), claimed it was "working out mirrors as of now since we experience extreme pressure and censorship from U.S. and India government agencies."

Paden said Symantec was investigating these assertions.

"We can't speculate on exactly what they have and don't have, and we can't speculate on how they got the information," he said, adding that he doesn't think Symantec's systems were breached to obtain the purported booty.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.