Symantec: Hackers did steal code, but it's old
Symantec confirmed late Thursday that hackers did in fact compromise a portion of its source code, but the stolen code is related to two enterprise security products that have been discontinued.
The code belonged to Endpoint Protection 11.0 and Antivirus 10.2, which are four and five years old, respectively. Symantec's consumer security line, Norton, was not affected.
"Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec's solution," the company said in a Facebook update. "Furthermore, there are no indications that customer information has been impacted or exposed at this time."
Symantec said an unnamed third-party network, not its own, was breached.
It is possible the hacked network belonged to India's military intelligence agency. On Thursday, a cyber gang named The Lords of Dharmaraja said it possessed source code belonging to a dozen software companies, according to a Pastebin document (cached here). A second document, which is no longer available, contained a sneak peak of the Symantec source code and promised a complete exposure.
A spokesman for the anti-virus company originally denied that any of the documents revealed code, but now the company confirms that one of them did include a segment of the programming language.
Experts said the age of the code will likely prevent misuse.
"In general, there isn't much hackers can learn from the code which they hadn't known before," Rob Rachwald, director of security strategy at Imperva, told SCMagazine.com in an email. "Why? Most of the anti-virus product is based on attack signatures. By basing defenses on signatures, malware authors continuously write malware to evade signature detection. With code that is four to five years old, chances are the software product has changed quite a bit, making the code even less useful."