The hack is assumed to be the work of an Indian group who call themselves ‘Lords of Dharmaraja’. Interestingly, the security breach did not take place directly at Symantec’s servers. Instead, the source code was obtained (along with other confidential documents) by hacking into an Indian Military server.
The group posted some details regarding the source code on Pastebin (which was taken down after the news spread) and has warned that they will be releasing the source code, once they overcome the blockade put forth by Indian and US agencies.
A hacker called ‘Yama Tough’ emailed the source file to the folks at InfoSec Island who in turn forwarded it to Symantec for verification. Yama Tough has also posted some screenshots of a confidential document about Cellular Surveillance.
Symantec, after verifying the file, posted the following response in their Facebook wall.
Symantec can confirm that a segment of its source code used in two of our older enterprise products has been accessed, one of which has been discontinued. The code involved is four and five years old. This does not affect Symantec’s Norton products for our consumer customers. Symantec’s own network was not breached, but rather that of a third party entity. We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time. However, Symantec is working to develop remediation process to ensure long-term protection for our customers’ information. We will communicate that process once the steps have been finalized. Given the early stages of the investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts.
Although the leaked source code is of older products, what its repercussions are going to be for Symantec is yet to be seen.