Just two weeks ago the security software maker Symantec, which makes anti-virus and anti-spyware software, announced that hackers had stolen 2006 source code to a version of its Norton antivirus software through a third party. Now, according to a Reuters report, Symantec has taken a step back and revealed that the source code was obtained by hacking its own systems, not a third-party system.
According to Infosec Island, the hacker group known as Yama Tough stole the source code, some of which was published last week with the threat of more to come. When the group announced its hack, Infosec Island reported Symantec's Sr. Manager for Corporate Communications Cris Paden as saying:
"Symantec can confirm that a segment of its source code has been accessed. Symantec’s own network was not breached, but rather that of a third party entity."
"We are still gathering information on the details and are not in a position to provide specifics on the third party involved."
"Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time."
Why is source code theft such a big deal? As Reuters reports, source code is often considered "crown jewels of most software makers":
At some companies access is granted on an as-needed basis, with programmers allowed to view code only if it is related to the tasks they are assigned.
The reason for all the secrecy is that companies fear rivals could use the code to figure out the "secret sauce" behind their technology and that hackers could use it to plan attacks.
Reuters reported on Tuesday that it is unclear why the hackers are revealing their 2006 breach now. Paden confirmed that the hackers' possession of the source code is not a threat to more recent versions of the company's security software. At the same time, though, Reuters reports ITIC analyst Laura DiDio as saying the hackers could use the old source code to hack into newer versions:
"What we are seeing from Symantec is 'Let's put the best public face on this,'" she said. "Unless Symantec wrote all new code from scratch, there are going to be elements of source code in there that are still relevant today."
But Paden told Reuters in a separate article that the newer source code does not contain any elements of the old.
As for Symantec's PCAnywhere source code, which the hackers claim to have obtained and have said they will release, Reuters reports Paden as saying there is a slight security risk associated with this code and that Symantec is working on protective measures with customers who use it.
In early January, when the hacking group provided Infosec Island with the 2006 Norton anti-virus source code, the hackers also released 68 usernames and passwords for several U.S. government accounts. Infosec Island reports that the hackers claim to have obtained all this information from servers of the Indian government.