On Wednesday, an Indian group calling themselves the Lords of Dharmaraja, said they plan to publish Symantec source code discovered after they hacked servers maintained by India’s Military Intelligence. To prove their point, they posted some of the collected data.
The group said that they plan to publish everything taken from the Indian government, starting with what was accessed on the servers maintained by the intelligence sector. In addition to the Symantec data, the group claimed to have discovered “source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI.”
“Now we release confidential documentation we encountered of Symantec corporation and it's Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies,” the group promoted.
Security firm Imperva commented on the group’s claims, noting that Indian group’s actions are an embarrassment on Symantec’s part.
“As a major DLP vendor, this is quite embarrassing on Symantec’s part. It’s reasonable to assume that the retrieval of such a list could be a result of the files residing on a test server, which was mistakenly exposed, or a posting to FTP which unintentionally became public. It also seems, if you trust the hackers' boasting, that the code was obtained from the Indian military. Many governments do require source code from vendors to prove the software isn't spyware,” commented Imperva’s Rob Rachwald.
“If the rumors turn out to be true, the implications of the anti-virus code leakage will not keep the Symantec folks awake too late at night, and certainly not their customers. After all, there isn’t much hackers can learn from the code which they hadn’t known before.”
As it turns out, the preview code and documentation released by the group is nothing special. Symantec’s Cris Paden said that the published data is from 1999, and explains how the software is designed to work. He added that Symantec was investigating claims made by the group, which threatened to publish the actual source code used by Norton Anti-Virus.
Examining the release, Paden’s observations are completely correct, as the document explains how to use Symantec’s API and nothing more. Thus, Symantec honestly has no reason to lose any sleep, as Rachwald explained. We’d go do far as to say this isn’t even embarrassing, because Symantec will share the API documentation with anyone who needs it, including governments.
At this point, the group has not made good on their publication threat.
Symantec has confirmed that the source code for Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 has been obtained by the group. There is no word if it has actually been published. The code for SEP is four years old, the company said, and Symantec Antivirus has been discontinued. Customers still using SAV due to support contracts can expect to be contacted by Symantec as they figure things out.