Slashdot Mirror


Symantec Looks Into Claims of Stolen Source Code

wiredmikey writes "A group of hackers claim to have stolen source code for Symantec's Norton Antivirus software. The group is operating under the name Dharmaraja, and claims it found the data after compromising Indian military intelligence servers. So far it's unclear if the claims are a significant threat, as the information posted thus far by the hackers includes a document dated April 28, 1999, that Symantec describes as defining the application programming interface (API) for the virus Definition Generation Service. However, a second post entitled 'Norton AV source code file list' includes a list of file names reputedly contained within Norton AntiVirus source code package. Symantec said it is still in the process of analyzing the data in the second post." Update: 01/06 07:05 GMT by S : In a post to their Facebook page, Symantec has now said some of their source code was indeed accessed, but it was four or five years old.

31 of 116 comments

  1. Nope.. by Anonymous Coward · · Score: 5, Insightful

    Who would want anything they make?

    1. Re:Nope.. by Enigma23 · · Score: 5, Funny

      Maybe they're white hat hackers who will return the code in a vastly less bloated form?

      --
      Ceci n'est pas une .sig
    2. Re:Nope.. by oztiks · · Score: 2

      I'm working with an iPad here!! It's hard enough to type comments alone rather than having to check my grammar as well!

    3. Re:Nope.. by GameboyRMH · · Score: 4, Funny

      Imagine the poor black hat who only got this turd as loot. It's like breaking into a bank vault and finding out that it only had some smelly bath mats inside.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    4. Re:Nope.. by mortonda · · Score: 2

      Norton has long outclassed virus makers in terms of damage it does to a computer system; now the virus makers know how to cause as much damage too!

    5. Re:Nope.. by Reverand Dave · · Score: 2

      That's what I was thinking. To me it seems like breaking into a sewage treatment plant.

      --
      I got here through a series of tubes
  2. Symantec released a more up to date statement... by Anonymous Coward · · Score: 5, Informative

    ...on Facebook (yeah, I dunno). http://www.facebook.com/Symantec/posts/10150465997682876

    Symantec can confirm that a segment of its source code used in two of our older enterprise products has been accessed, one of which has been discontinued. The code involved is four and five years old. This does not affect Symantec’s Norton products for our consumer customers. Symantec’s own network was not breached, but rather that of a third party entity. We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time. However, Symantec is working to develop remediation process to ensure long-term protection for our customers’ information. We will communicate that process once the steps have been finalized. Given the early stages of the investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts

  3. Why does the Indian military have the source???? by Anonymous Coward · · Score: 4, Interesting

    Wow, so the Indian military works with major US vendors like Norton to spy on their own people (and I assume other countries' people since it will be the same source????)

    I assume they have the source code so they can insert extra bits and dispatch spyware the next time Norton auto-updates?

    You get an auto-update, they get a spyware app into your PC. Is that it?
    I don't think the scandal here is that the source code was stolen, it is a scandal that Norton cooperates with military spyware!!

  4. Bleh! by SeaFox · · Score: 5, Funny

    Stealing source code from Symantec is like stealing your neighbor's garbage.

    1. Re:Bleh! by MightyMartian · · Score: 3, Interesting

      Ghost was a decent product. I stopped using it years ago in favor of Clonezilla.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re:Bleh! by Spy Handler · · Score: 4, Interesting

      I also use clonezilla a lot, and I agree it's a good product in terms of function. But it has the shit-worst user interface ever (for something that's at least moderately popular). Its UI looks like a badly copied version of the text menu from the mid-90's Slackware installer, I swear.

    3. Re:Bleh! by nmb3000 · · Score: 2

      Stealing source code from Symantec is like stealing your neighbor's garbage.

      Hey, maybe if the source is published publicly, some bright person(s) can improve it and issue a "fork" of Symantec's code :)

      All they probably have to do is remove a few speed up loops!

      --
      "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
      /)
    4. Re:Bleh! by bejiitas_wrath · · Score: 2

      The old DOS Norton Utilities was an awesome product, with the Norton disk editor and other cool features, their products now are just bloat and nothing else. Using common sense on the Internet can keep you safer than this product.

      --
      liberare massarum ex ignorantia, clausa descendit molestie.
    5. Re:Bleh! by dissy · · Score: 2

      Ghost was a decent product. I stopped using it years ago in favor of Clonezilla.

      Seconded. Clonezilla is an excellent Ghost replacement, and I even started getting the windows-only admins I work with turned on to it!

      If anyone is looking for an open source "corporate back-end Ghost", check out the FOG project. I've just begun deploying the infrastructure needed for it, but it lets one back up and reimage a computer remotely using an awesome network boot method.

      They both take a little bit to get used to, but it's no worse than getting used to or working around the problems and quirks of Ghost (like restoring a C: drive image to a secondary HD, and having it retain the D: or E: letter, and thus Windows refusing to boot).

  5. Re:Huh, and this does...? by bmo · · Score: 3, Interesting

    They don't.

    1. Write virus code
    2. Load up a machine with the top 10 virus scanners.
    3. Load your virus code
    4. Let them scan.
    5. If they detect it, modify code and go to 3 else 6
    6. Release the hounds.

    --
    BMO

  6. I don't understand the implied risk by msobkow · · Score: 2

    Does the code include the keys that would be needed to inject bad/malware virus definitions, causing users' machines to delete files that weren't viruses? Does this open up some sort of command-and-control channel over users' machines aside from that risk?

    --
    I do not fail; I succeed at finding out what does not work.
  7. Offshoring by happyhamster · · Score: 4, Insightful

    >>The group is operating under the name Dharmaraja
    >>...compromising Indian military intelligence servers.

    Dear Corporations, "Investors", and CEOs,

    Please do not hesitate to keep offshoring every bit of information and technology to the third world. The things you've seen so far are mosquito bites compared to the crap that will hit the fan if you keep "enhancing profits" for another decade or even less.

    Respectfully,
    Software Developer, a.k.a. the guy who actually has to work for a living.

    1. Re:Offshoring by jaa101 · · Score: 3, Interesting
      It doesn't sound like this falls into the offshoring category to me. Since the military is involved I guess they demanded the source to assure themselves that there were no backdoors. It doesn't seem an unreasonable step for any government (even/especially in the US) to take before using your software in a security context.

      The fun is in considering what recourse Symantec has. If they didn't have some really expensive penalty clause in the non-disclosure agreement that will have been involved here they'll be kicking themselves right now. They'll also be wishing they gave themselves some way to identify the source of the leak. Their smart move would have been to insert some minor changes, e.g., to indentation or comments, to make each version released to third parties unique and therefore traceable.
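
The per-recipient marking idea in the comment above, as an added example that is not part of the original post and not a description of Symantec's practice. It uses a trailing space on selected lines as the "minor change"; `SECRET`, the licensee names and the sample source are constructed for illustration.

```python
import hashlib
import hmac

# Hypothetical vendor-side key; it keeps the bit patterns unpredictable.
SECRET = b"constructed-demo-key"
MARK_BITS = 32  # one mark bit per non-blank line, over the first 32 such lines


def mark_bits(recipient: str) -> list[int]:
    """Derive a per-recipient bit pattern from a keyed hash of its name."""
    digest = hmac.new(SECRET, recipient.encode(), hashlib.sha256).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(MARK_BITS)]


def fingerprint(source: str, recipient: str) -> str:
    """Copy `source`, ending a marked line in one space where its bit is 1."""
    bits = iter(mark_bits(recipient))
    out = []
    for line in source.splitlines():
        line = line.rstrip()
        if line and next(bits, 0):
            line += " "
        out.append(line)
    return "\n".join(out) + "\n"


def extract(leaked: str) -> list[int]:
    """Read the mark bits back out of a leaked (possibly truncated) copy."""
    lines = [l for l in leaked.splitlines() if l.strip()]
    return [int(l.endswith(" ")) for l in lines[:MARK_BITS]]


def identify(leaked: str, recipients: list[str]) -> tuple[str, float]:
    """Return the best-matching recipient and the fraction of bits that agree."""
    found = extract(leaked)

    def score(name: str) -> float:
        want = mark_bits(name)[:len(found)]
        return sum(a == b for a, b in zip(found, want)) / max(len(found), 1)

    best = max(recipients, key=score)
    return best, score(best)


# Constructed sample: a 40-line dummy source file and three made-up licensees.
SAMPLE = "\n".join(f"int f{i}(void) {{ return {i}; }}" for i in range(40)) + "\n"
LICENSEES = ["licensee-a", "licensee-b", "licensee-c"]
```

A whitespace mark like this disappears as soon as the copy is run through a formatter, which is why the score is reported alongside the name: a match well below 1.0 means the mark was damaged and the attribution should not be trusted.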

  8. Re:Why does the Indian military have the source??? by Aighearach · · Score: 4, Insightful

    Indeed, a lot of people seem to be missing the bombshell here.

  9. Hunh? by symbolset · · Score: 3, Funny

    Stealing Symantec's source code is like stealing Typhoid Mary's soup.

    --
    Help stamp out iliturcy.
    1. Re:Hunh? by expo53d · · Score: 3, Funny
      It would be interesting to run grep through the source code. Bet you would find lines like:

      # This part slows down the computer if the license is not renewed

  10. Re:Why does the Indian military have the source??? by nmb3000 · · Score: 5, Informative

    Wow, so the Indian military works with major US vendors like Norton to spy on their own people (and I assume other countries' people since it will be the same source????)

    I assume they have the source code so they can insert extra bits and dispatch spyware the next time Norton auto-updates?

    You get an auto-update, they get a spyware app into your PC. Is that it?
    I don't think the scandal here is that the source code was stolen, it is a scandal that Norton cooperates with military spyware!!

    Wow, +4 already? The tinfoils must be up and about today.

    Believe it or not, most major software vendors have licenses and policies in place (e.g., Microsoft) to allow sensitive institutions (governments, defense contractors, etc) access to their source code. The primary reason is actually the opposite of what you say. Customers such as the Indian government want to be able to see what's actually in the code before they agree to buy and install it on their own systems and network.

    Think of it as the 1% always getting to run open-source software because they have the clout to demand it (and under a strict NDA).

    Occupy Microsoft!

    --
    "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
    /)
  11. Re:Why does the Indian military have the source??? by rgbrenner · · Score: 5, Informative

    Wow... so many assumptions in one post.

    Don't you think the Indian military needs anti-virus software? Don't you think they would need to examine the source code before running software from an American company on potentially sensitive systems? And don't you think Symantec would give it to them to secure the contract?

  12. Re:Why does the Indian military have the source??? by darkmeridian · · Score: 4, Informative

    Actually, they probably want to audit the code for backdoors and other security vulnerabilities before deploying the software on their systems. A whole bunch of governments got snookered when Crypto AG sold closed-source encryption software with a backdoor that allowed the US government to easily break their communications. In particular, the NSA was rumored to have backdoored Crypto AG systems since the fifties, allowing the US government to spy on communications from such warm and fuzzy countries as Iran.

    --
    A NYC lawyer blogs. http://www.chuangblog.com/
  13. Re:Why does the Indian military have the source??? by Anonymous Coward · · Score: 2, Interesting

    I've always wondered about the efficacy of such programs. Yes they do have a license, but for obvious reasons the # of people that have access to it are much less than the number of developers, and not only that, the different organizations that have access to it are probably very limited in their ability to communicate, which means that you have a large number of people who each have to analyze large amounts of source, so their ability to really get a deep understanding of any individual part of the code is probably somewhat limited.

    Now compare this with open source, even though the # of eyes may be about the same (and yes I'm realistic, only a very, very tiny % of people actually comb through the source of an open source project, even a project like Linux), the ability to coordinate and specialize is much greater. I doubt there are very many people who pore through every change in the Linux kernel (aside from Linus of course), instead what you get is people who are very familiar with certain parts of the source and thus are more aware (and may have even been consulted on) changes in the code. Not to mention they can actually submit code themselves.

  14. Awesome by zerojoker · · Score: 5, Funny

    Finally someone can write a working uninstaller!

  15. Re:Outsourcing by TechMouse · · Score: 2

    that's what happens when you outsource your programmers to India.

    The Indian military outsources to India? Impressive.

  16. Here's to a brighter future! by BagOCrap · · Score: 3, Funny

    Hope these hackers can turn the source code into something useful.

    --
    -- Chaos, panic, pandemonium... My job here is done!
  17. A little perspective by Anonymous Coward · · Score: 2, Informative

    A lot of Symantec haters out there. Funny

    Let's put some things into perspective here.

    1. Norton is a consumer product. SEP is the enterprise product - Two very different products with very different code and both have been re-written a couple of years ago. (Works a lot better than before and is less "bloated")
    2. I would very much doubt that a government defense organization would be purchasing a consumer product like Norton.
    3. The segments of code found are from SAV (last rolled out approximately 5 years ago and does not exist anymore) and SEP 11 (released 4 years ago and is no longer sold as SEP 12.1 is the current version and this was re-written to include new technology)

    1. Re:A little perspective by Lumpy · · Score: 4, Interesting

      And both STILL are garbage. We saw a 200% speed increase on ALL our corporate Windows machines when we switched from SEP to the enterprise offering from ESET. The change was so dramatic that most of us did not believe that the ESET software was running.

      Honestly, SEP and Norton both need to have even more rewrites because it's the joke of the Enterprise world in regards to performance and reliability.

      --
      Do not look at laser with remaining good eye.
  18. Oh Norton, how things have changed by AbRASiON · · Score: 2

    I've never told anyone this before, because it's horrifically tragically sad but I had a picture of Peter Norton torn out of a magazine pinned up near my PC when I was a kid 20 years ago. Yeah I was a complete nerd / geek, especially for performance and hardware.
    Back then Norton utilities 6 was the absolute bees knees, speedisk for DOS is still the most thorough defragger I know of, full with file reorder was the option, it ensured 0 files were fragmented and this was in the days that exceedingly few files on the disk were set as read only / system. It genuinely improved performance significantly.

    Their tools were good for maybe 3 or 4 years more, possibly the first one or two Windows tools for 95 had some useful features lacking in the core OS but after that, what a shambles. To me, any machine with Norton utilities (Norton utilities NOT "Nortons utilities" while I'm at it) should pretty much be wiped clean :/