Hacker group threatens to release Symantec AV source code
Indian group has already posted documents on Symantec's AV technology
Computerworld - Symantec is investigating an Indian hacking group's claims that it accessed source code used in the company's flagship Norton Antivirus program.
A spokesman for the company on Thursday said that one claim by the group was false, while another is still being investigated.
Meanwhile, the Indian group, which calls itself Lords of Dharmaraja, has threatened to publicly disclose the source code shortly.
On Wednesday, the group posted on Pastebin what it claimed was confidential documentation related to Norton AntiVirus source code. A review of the material showed what appears to be a description of an application programming interface (API) for Symantec's AV product.
The group also posted what it claimed was the complete source code tree file for Norton Antivirus. That document appears to have been taken down.
'Yama Tough,' the hacker who posted the documents, released at least two more on Google+ allegedly related to Symantec source code. One of the documents appears to be a detailed technical overview of Norton Anti-Virus, Quarantine Server Packaging API Specification, v1.0. The other document, from 2000, describes a Symantec Immune System Gateway Array Setup technology.
Comments posted by Yama Tough on Google+ and on Pastebin suggest that the Symantec information was accessed from Indian government servers.
"As of now we start sharing with all our brothers and followers information from the Indian Militaty (sic) Intelligence servers, so far we have discovered within the Indian Spy Programme (sic) source codes of a dozen software companies which have signed agreements with Indian TANCS programme (sic) and CBI," Yama Tough said in one comment.
Another comment suggests that the hacking group is waiting to set up mirror sites before releasing the Symantec source code. "We are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies."
A Symantec spokesman today said that the hacking group has so far made two claims with regard to Symantec source code. One claim made yesterday has already been looked into, the spokesman said. "We investigated that and found that to not be true," the spokesman said. "It wasn't source code. It was a document from April 28, 1999 defining the Application Programming Interface (API) for the Definition Generation Service."
The document explains how the software is designed to work, but includes no actual source code, the spokesman said.
"However, a second claim has been made by the same group regarding additional source code and we're currently investigating that," he said. "For that one, we don't have any information to provide as of yet." the spokesman said.
Rob Rachwald, director of security strategy at security vendor Imperva said it is hard to know what to make of the hacking group's claims.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Gartner 2013 Magic Quadrant for Enterprise Backup/Recovery Software See why CommVault was positioned as the #1 leader in Gartner's 2013 Magic Quadrant for Enterprise Backup/Recovery software for the 3rd year in...
- Forrester Report: CommVault is a Leader in Enterprise Backup and Recovery In this report, Forrester takes a deep dive into the evaluation criteria, how CommVault is positioned and the features and functionality that make...
- Forrester Wave for Enterprise Backup and Recovery Read this report to see how CommVault continues to outpace its competitors and why Forrester positioned CommVault Simpana as the top backup and...
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
All Cybercrime and Hacking White Papers |