Hackers steal Symantec source code

Symantec is really regretting allowing the Indian government covert or overt access to its source code.

According to SecurityWeek, a team of hackers has accessed source code related to Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 sitting on the Indian military intelligence servers.

It is not clear how James Patel of the Indian Secret Service got his paws on the source code, and it looks like they may have even handed the code over for testing before being given a lucrative government contract.

The hacker group, operating under the name Dharmaraja, said that within the Indian Spy Programme are the source codes of a dozen software companies which have signed agreements with the Indian TANCS programme and CBI.

The hackers have shown a document dated April 28, 1999, that Symantec describes as defining the application programming interface for the virus Definition Generation Service.

Cris Paden, senior manager of corporate communication for Symantec, told SecurityWeek that while this explains how the software is designed to work and contains function names, there is no actual source code present.

However, a second post entitled ‘Norton AV source code file list’ includes a list of file names reputedly contained within the Norton AntiVirus source code package. Symantec said it was still in the process of analysing the data, but it looks like the source code has been pinched.

Rob Rachwald, Director of Security Strategy at Imperva, said that there was not much hackers could learn from the code.

Most of the anti-virus product is based on attack signatures, and malware authors continuously write malware to evade signature detection, he said. Hackers could use the source code to search out and exploit vulnerabilities in the software itself, but this would be a little trickier.

Competitors in the cut-throat security industry would love to have the Symantec source code, SecurityWeek said.