
A group of Anonymous members based in India has stolen the source code for Symantec’s anti-virus software. The security company confirmed the attack today after viewing the small amount of code released by the group, Lords of Dharmaraja, this morning.

Symantec, which creates anti-virus software for businesses and consumers, discovered the potential hack on Wednesday when the group posted about its newest trophy on an Internet forum. At the time, Symantec believed only some documentation on source code for software built in 1999 was compromised. According to Symantec spokesperson Cris Paden, who spoke with VentureBeat over email, the cyber criminals posted a segment of code on the same forum, which led Symantec researchers to confirm the code’s theft. It turns out the source code is of two outdated enterprise-grade anti-virus products built just five or six years ago. No consumer products have been compromised.

“Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions,” said Paden. “Furthermore, there are no indications that customer information has been impacted or exposed at this time.”

This is the second attack focused on Internet security companies performed by the hacker collective Anonymous. The group recently infiltrated the servers of security analyst firm Stratfor, stealing over 9,000 credit card numbers and other personally identifiable information. At the time, Anonymous threatened to use the credit cards to make donations to charities as part of its vigilante appearance. In general, Anonymous doesn’t have a unified agenda, but it seems that embarrassing security companies by infiltrating them and stealing credit cards and code is the flavor of the week.

The two products in this attack, SAV 10.2 and SEP 11, have either died out or now run on new code. SAV 10.2 is still serviced by Symantec, but is retired software, no longer in production. SEP 11 has since been recoded to become SEP 12 and SEP 12.1. The company says its servers were not hit directly. Instead, the code was stolen from a third-party source, which Paden says Symantec is still looking into; the company cannot give out further details.

“Symantec is working to develop a remediation process to ensure long-term protection for our customers’ information,” said Paden. “We will communicate that process once the steps have been finalized.”
