Symantec says some source code stolen, no customer information exposed

Anonymous masks
Image Credit: Rob Kints via Shutterstock

A group of Anonymous members based in India has stolen the source code for Symantec’s anti-virus software. The security company confirmed the attack today after viewing the small amount of code released by the group, Lords of Dharmaraja, this morning.

Symantec, which creates anti-virus software for businesses and consumers, discovered the potential hack on Wednesday when the group posted about its newest trophy on an Internet forum. At the time, Symantec believed only some documentation on source code for software built in 1999 was compromised. According to Symantec spokesperson Cris Paden, who spoke with VentureBeat over email, the cyber criminals then posted a segment of code on the same forum, which led Symantec researchers to confirm the code’s theft. It turns out the source code belongs to two outdated enterprise-grade anti-virus products built just five or six years ago. No consumer products have been compromised.

“Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions,” said Paden. “Furthermore, there are no indications that customer information has been impacted or exposed at this time.”

This is the second attack focused on Internet security companies performed by the hacker collective Anonymous. The group recently infiltrated the servers of security analyst firm Stratfor, stealing over 9,000 credit card numbers and other personally identifiable information. At the time, Anonymous threatened to use the credit cards to make donations to charities as part of its vigilante appearance. In general, Anonymous doesn’t have a unified agenda, but it seems embarrassing security companies by infiltrating them and stealing credit cards and code is the flavor of the week.

The two products in this attack, SAV 10.2 and SEP 11, have either died out or now run on new code. SAV 10.2 is still serviced by Symantec, but is retired software, no longer in production. SEP 11 has since been recoded to become SEP 12 and SEP 12.1. The company says its servers were not hit directly. Instead, the code was stolen from a third-party source. Paden says Symantec is still looking into that source and cannot give out further details.

“Symantec is working to develop remediation process to ensure long-term protection for our customers’ information,” said Paden. “We will communicate that process once the steps have been finalized.”
