Symantec reveals hacking and theft of source code

Symantec has admitted that it was breached six years ago, with the source code for its Norton software stolen.

According to Reuters, unknown hackers obtained the source code to Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere. This was previously denied by Symantec, which said that a document from 28 April 1999 defining the appliance programming interface for Symantec's virus definition generation service was stolen, and never source code.

Symantec spokesman Cris Paden said on the time: “This document explains how the software is designed to work and contains function names, but there is no such thing as a actual source code present.”

However, Paden was forced to backtrack in this and admit that it were breached after an investigation revealed that the company's networks were compromised.

“We really needed to dig as far back as discover that this was actually section of a source code theft. We're still investigating exactly the way it was stolen,” he said.

“Symantec is currently within the means of reaching out to our pcAnywhere customers to lead them to acquainted with the location and to give remediation steps to keep the safety in their devices and knowledge.”

Paden insisted that the 2006 attack presented no threat to customers using the newest versions of Symantec's software, saying that users are protected from any kind of cyber attack that would materialise attributable to this code.

An alert by eEye Digital Security detected a worm that was actively exploiting a remote Symantec vulnerability originally in May 2006 and patched by Symantec on 12th June, 2006. It said: “This vulnerability was publicly exploited as early as November 30, but here is the primary example of a worm leveraging this vulnerability for self-propagation.”