Symantec source code stolen: the extortion, investigation, and release

The source code for several Symantec products was stolen in a network breach in 2006. A weeks-long extortion attempt followed this past January, resulting in the release of the code for pcAnywhere on The Pirate Bay. We've got all the developments from Symantec, law enforcement, and the hacker group for you right here.

  • Andrew Webster

    Mar 10, 2012

    Anonymous releases source code for Norton AntiVirus 2006, Symantec says not to worry

    After a number of threats, hacker collective Anonymous has released what it claims is the source code for Symantec's Norton AntiVirus 2006. The code was allegedly stolen, along with the source for several other Symantec products, after a security breach back in 2006. A hacker group called "YamaTough" attempted to extort money from Symantec in exchange for destroying the code back in February, and the alleged code for the company's pcAnywhere software was released on The Pirate Bay soon thereafter.

    Now AntiSec, an Anonymous affiliate, has released a 1.07GB file on TPB titled "Symantec Norton AntiVirus 2006 All Platform Source Code." As with the previous release, Symantec says that it is currently analyzing the code to determine its authenticity, and has told The Inquirer that it expects the code for Norton Internet Security 2006 to be released at some point as well. However, the company has also said that users shouldn't worry, as the stolen source was "old code" and that customers "will not be at an increased risk as a result of any further disclosure related to these 2006 products."

  • Bryan Bishop

    Feb 8, 2012

    Symantec source code hacker: we always planned to release the stolen code

    Protracted extortion negotiations with a hacker threatening to release stolen source code for several Symantec products ended yesterday with the code for pcAnywhere surfacing on The Pirate Bay. While Symantec has claimed it never had any intention of paying the $50,000 fee, and that the negotiations were part of a law-enforcement operation, the hacker in question has now told Reuters that he was always going to release the code. "We tricked them into offering us a bribe so we could humiliate them," said YamaTough, thought to be part of the Anonymous-affiliated Lords of Dharmaraja group.

    According to the report, Symantec is already expecting the source code for additional programs to be released by the group as well — Norton AntiVirus was one application mentioned in email exchanges between YamaTough and a law-enforcement official posing as a Symantec employee — but the company again reiterated that any such leaks wouldn't put their customers in danger. "As we have already stated publicly, this is old code," company spokesperson Cris Paden said, "and Symantec and Norton customers will not be at an increased risk as a result of any disclosure." The code was originally stolen in a network breach in 2006, but Symantec claims all current versions of its software will be immune to any attacks based upon vulnerabilities discovered in the 2006 versions.

  • Bryan Bishop

    Feb 7, 2012

    Symantec source code held by hackers in $50,000 extortion attempt, may have been released into the wild

    Symantec has told Forbes that the "Sam Thomas" in the email exchanges isn't a real employee of Symantec at all, but rather a fictional persona used by an unnamed law-enforcement agency that has been conducting the negotiations as part of a sting operation. "When they came to us with what was for all intents and purposes extortion, we went to law enforcement," said Symantec spokesperson Cris Paden. "From that point on, we turned over the investigation to them." No matter what the strategy, it would appear that things have not gone as planned: a 1.27GB file purporting to be the pcAnywhere source code surfaced Monday on The Pirate Bay. Symantec is still analyzing the code to verify its authenticity, but claims that even in a worst-case scenario any attacks based upon the 2006 source code would be easily avoided by current versions of its software. The stolen source code for Norton AntiVirus has yet to be spotted in the wild.

  • Dante D'Orazio

    Jan 27, 2012

    Symantec says it didn't know 2006 source code was stolen until now

    Symantec has been scrambling to address a security breach from 2006 that revealed some of its source code, and now it is addressing concerns over how it originally handled the incident. At issue is whether or not the company should have realized back in 2006 that its source code had been stolen.

    Symantec originally said that the stolen code only concerned four- and five-year-old versions of some business-centric software, and since then the company admitted that corporate users of the company's pcAnywhere remote-access software should stop use of the program to minimize the possibility of a cyberattack. While the software vulnerabilities appear to be handled, some of the company's statements have made it sound like it was aware of the incident back in 2006 — and opted to cover it up.

  • Adi Robertson

    Jan 25, 2012

    Symantec warns users to disable pcAnywhere in wake of source code theft

    Several years after the theft of source code for several of its security products, Symantec has recommended that users of pcAnywhere, which allows users to remotely connect to another computer, disable the software until further notice. In a security white paper (PDF), the company said it believes a 2006 security breach exposed source code for several programs, including the corporate version of its popular Norton Antivirus software. However, only pcAnywhere is considered at risk of someone finding and exploiting vulnerabilities in the software. Symantec says that unless pcAnywhere use is absolutely vital, customers should block the ports that accept pcAnywhere connections and avoid using the software "until Symantec releases a final set of software updates that resolve currently known vulnerability risks."

    This information isn't completely new — early this month, Symantec admitted that code for some older versions of its products had been stolen. At that time, however, the company said that since the products had been updated several times since, there was "no indication that the code disclosure impacts the functionality or security of Symantec's solutions." Then, last week, hackers who associate themselves with Anonymous began threatening to release source code for a number of Symantec products. Customers using most products should still be fine, but it looks like the source code hack has made Symantec more vulnerable than it previously believed.

  • Nathan Ingraham

    Jan 7, 2012

    Segment of Symantec source code stolen by hackers

    Symantec, makers of the widely-used Norton antivirus software, revealed that hackers have stolen segments of the source code for two of its business-focused products. However, the software affected, Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2, is four and five years old (and Antivirus 10.2 is discontinued), so the company believes there's no threat to users: a Symantec spokesperson said in an email that the company has "no indication that the code disclosure impacts the functionality or security of Symantec's solutions."

    This confirmation comes a day after the first report that a hacker group known as "The Lords of Dharmaraja" stole unspecified source code and documentation. While Symantec said it has no reason to believe customer information was compromised, a director at security firm Imperva noted that hackers could use this code to help find vulnerabilities in Symantec's more current software. Fortunately, consumers running Norton should have nothing to worry about, but it's still a good reminder to update your antivirus definitions.
