Symantec breach: Data breach basis of Norton source code leak

Investigators confirmed that a 2006 breach at Symantec Corp. is the root cause of a source code leak of its Norton Antivirus software.

Symantec is downplaying the significance of a breach of its systems in 2006 that resulted in the source code leak of its Norton Antivirus Corporate Edition, SystemWorks and pcAnywhere software.

The security giant said this week that the Symantec source code theft of the 2006-era software poses no risk to current Norton customers. As a result of the Symantec breach, the company is reaching out to pcAnywhere users with “remediation steps” to maintain the protection of their devices and information.

“Due to the age of the exposed source code, except as specifically noted below, Symantec customers – including those running Norton products – should not be in any increased danger of cyberattacks resulting from this incident,” said Cris Paden, senior manager of Symantec Corporate Communications.

The age of the source code severely limits the kind of attack that can be generated, Paden said. New security features in both Symantec and Norton products protect customers from any attack stemming from the old code.

Earlier this month, Symantec confirmed an India-based group suspected of having close ties with Anonymous obtained the source code to Symantec Endpoint Protection 11 and Symantec Antivirus 10.2. The company is backtracking as a result of further evidence that the group is in possession of Norton source code, as it claimed in a post on the Pastebin website; the post has since been removed. Symantec initially thought the source of the leak was the computer systems of a "third party" and that its systems had not been penetrated.

“We can definitively say users of [SEP 11 and SAV 10.2] face no cybersecurity risk from any attacks that might be generated by the code stolen in 2006,” Paden said, acknowledging that the company’s earlier information was invalid.

Investigators revisit breach in hunt for wrongdoer

Paden told SearchSecurity.com that an initial computer forensics investigation was inconclusive in 2006. The revelation of the early source code has caused Symantec to reopen the breach investigation. The company does not know if a rogue employee was to blame for the leak or if the company was penetrated by an external attacker.

“We revisited our records and logs from that time period based on the fact that all of the code that Anonymous claimed they had was for 2006 versions of software. From there, we were able to connect the dots that code actually was taken,” Paden said. “We have also not confirmed how the code came into the possession of Anonymous.”

Since the 2006 breach, Symantec said it has bolstered the security of its internal network by adding network monitoring, endpoint security and additional data loss protection technologies and controls. “We also removed many non-essential legacy domains to ensure our overall network security and redeveloped our internal security awareness and training processes,” Paden said, stressing that the security improvements were not in response to the 2006 breach.
