Symantec Confirms Anonymous Took Product Source Code


Symantec confirmed Friday that an India-based chapter of hacker collective Anonymous had accessed the network of an unidentified third party and had taken source code from two of its corporate security products.

The vendor said code samples provided Thursday to an online community of security professionals called Infosec Island were from two products: Symantec Endpoint Protection 11 and Symantec AntiVirus 10.2. The vendor supports the latter, but no longer sells it, while the former is currently on version 12.1. The code was four or five years old, according to Symantec.

"It would be very difficult to do anything with (the code), because it is so old," Symantec spokesman Cris Paden said.

Malware designed to take advantage of the code would only work on the older products. Therefore, hackers would have to find a company that had not updated its security software in years, an unlikely scenario. "They would have been annihilated a long time ago from cyber threats," Paden said.

Symantec claimed the theft did not indicate that source code in its current products could be taken. The software today is architected differently, so the techniques used to take code from the older products won't work, Paden said. "It's not possible that they would be able to access current-day code."

Infosec reported Friday that a hacker going by the alias YamaTough gave it a file that appeared to contain source code of the 2006 version of Symantec's consumer product Norton Antivirus. After analyzing the file, Symantec said it contained 1999 documentation describing how Norton Antivirus worked. There was no source code. "Hence, the claim was false," Paden said. Symantec identified the same Anonymous chapter as the source of the file, and said it was given to Infosec on Wednesday.