Symantec confirms Norton Source Code Leak

symantecToday, Symantec confirmed that source codes of two of its old enterprise products were obtained by hackers.

The hack is assumed to be the work of an Indian group who call themselves ‘Lords of Dharmaraja’. Interestingly, the security breach did not take place directly at Symantec’s servers. Instead, the source code was obtained (along with other confidential documents) by hacking into an Indian Military server.

The group posted some details regarding the source code on Pastebin (which was taken down after the news spread) and has warned that they will be releasing the source code, once they overcome the blockade put forth by Indian and US agencies.

A hacker called ‘Yama Tough’ emailed the source file to the folks at InfoSec Island who in turn forwarded it to Symantec for verification. Yama Tough has also posted some screenshots of a confidential document about Cellular Surveillance.

Symantec, after verifying the file, posted the following response in their Facebook wall.

Symantec can confirm that a segment of its source code used in two of our older enterprise products has been accessed, one of which has been discontinued. The code involved is four and five years old. This does not affect Symantec’s Norton products for our consumer customers. Symantec’s own network was not breached, but rather that of a third party entity. We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time. However, Symantec is working to develop remediation process to ensure long-term protection for our customers’ information. We will communicate that process once the steps have been finalized. Given the early stages of the investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts.

Although the leaked source code is of older products, what its repercussions are going to be for Symantec is yet to be seen.

Published by

Nithin Ramesh

Nithin is a blogger and a Windows security enthusiast. He is currently pursuing Bachelors in Electronics and Communication. Apart from technology his other interests include reading and rock music. His Twitter handle is @nithinr6

  • Source code leaked by hackers – ok.
    It was obtained from Indian Military Servers – ???

    • Yes. This is what the original Pastebin post said

      As of now we start sharing with all our brothers and followers information from the Indian Militaty (sic) Intelligence servers, so far we have discovered within the Indian Spy Programme (sic) source codes of a dozen software companies which have signed agreements with Indian TANCS programme (sic) and CBI

      As I mentioned in the post, they have already posted some pics of a document.