Hackers Threaten to Reveal Norton Source Code, Symantec Shrugs

In a post on pastebin (which has been removed, though it is cached here), a hacker group called the Lords of Dharmaraja claimed that it hacked an Indian Military Intelligence server and snagged source codes from a dozen different companies, most notably (apparently) the source code to Symantec’s Norton Antivirus.

The group posted a file it said “describes the application programming interface specifications required for generating virus definitions automatically from the Immune System analysis center.”

Obviously, the ability to for cyber ne’er-do-wells to dig into one of Symantec’s flagship products (especially as users rely on it to ward off malware) and share the ability to do so with the public could be catastrophic for the company, not to mention some of its subscribers.

However, in an email to NYT’s Bits blog, a Synamtec spokesperson essentially shrugged off the hacker group’s threats, noting that the document they uncovered was from 1999 and doesn’t actually contain any source code. This, despite the group’s claims that is does indeed have the source code--making the 1999 document just a teaser--and apparently plans to release it soon.

Even if the group has source code from 1999, it would likely be fairly ancient by tech standards; the malware/antimalware war is one that moves quickly, with security professionals working fast to keep pace with malware makers, and vice versa. Having such code might be akin to finding the plans for an enemy tank that you’ve already captured and stripped to its frame; a helpful document, perhaps, but probably not one that spells doom for the other side.

Part of the original Lords of Dharmaraja post on pastebin

A post on the subject at Internet security company Imperva noted, “The workings of most of the anti-virus’ algorithms have also been studied already by hackers in order to write the malware that defeats them. A key benefit of having the source code could be in the hands of the competitors.” Even so, one wonders if the same logic applies; this code may be old, worthless news even to Symantec’s competition.

It’s likely that only Symantec knows how much of a problem the release of this source code really is.

Regardless of what happens with Norton Antivirus, this story has a couple of other unsettling details. For one thing, it’s never a good sign when a government intelligence agency can be hacked by renegades. Furthermore, the Lords of Dharmaraja claimed to have pilfered the source code for a dozen companies total, which means that if they indeed have any code germane to current versions of important software, there are 11 other companies (and their customers) that need to watch out.