A hacker group named The Lords of Dharmaraja has managed to steal the source code of Norton anti-virus. Symantec, the anti-virus maker, has confirmed that hackers have stolen a “segment” of its flagship product. The group said it would make the source code available.
The firm said that the code relates to two older enterprise products, one of which is no longer in production. But it said the breach was on a third-party network rather than its own, and will “not affect any current Norton product”.
A Google cache of the hackers' post on Pastebin says, "As of now we start sharing with all our brothers and followers information from the Indian Militaty Intelligence servers."
It continues, "Now we release confidential documentation we encountered of Symantec corporation and its Norton AntiVirus source code which we are going to publish later on."
The group claims it has the source code of a dozen software companies. The Symantec document posted is dated 28 April 1999 but doesn't contain any source code. Symantec has launched an investigation into the security breach and will provide updates when more facts and details are discovered. "Furthermore, there are no indications that customer information has been impacted or exposed at this time. However, Symantec is working to develop remediation process to ensure long-term protection for our customers' information. We will communicate that process once the steps have been finalized," it said in a statement.
Rob Rachwald, director of security at Impervia, said that this breach is “quite embarrassing on Symantec’s part”. He added that should the source code be recent and hackers find serious vulnerabilities, it could be possible to exploit the product itself. “But that is a big if and no one but Symantec knows what types of weaknesses hackers could find”, he added.