Symantec breach: Data breach basis of Norton source code leak

Investigators confirmed that a 2006 breach at Symantec Corp. is the root cause of a source code leak of its Norton Antivirus software.

Symantec is downplaying the significance of a breach of its systems in 2006 that resulted in the source code leak of its Norton Antivirus Corporate Edition, SystemWorks and pcAnywhere software.

The security giant said this week that the Symantec source code theft of the 2006-era software poses no risk to current Norton customers. As a result of the Symantec breach, the company is reaching out to pcAnywhere users with “remediation steps” to maintain the protection of their devices and information.

“Due to the age of the exposed source code, except as specifically noted below, Symantec customers – including those running Norton products – should not be in any increased danger of cyberattacks resulting from this incident,” said Cris Paden, senior manager of Symantec Corporate Communications.

The age of the source code severely limits the kind of attack that can be generated, Paden said. New security features in both Symantec and Norton products protect customers from any attack stemming from the old code.

Earlier this month, Symantec confirmed an India-based group suspected of having close ties with Anonymous obtained the source code to Symantec Endpoint Protection 11 and Symantec Antivirus 10.2. The company is backtracking as a result of further evidence that the group is in possession of Norton source code, as it claimed in a post on the Pastebin website; the post has since been removed. Symantec initially thought the source of the leak was the computer systems of a "third party" and that its systems had not been penetrated.

“We can definitively say users of [SEP 11 and SAV 10.2] face no cybersecurity risk from any attacks that might be generated by the code stolen in 2006,” Paden said, acknowledging that the company’s earlier information was invalid.

Investigators revisit breach in hunt for wrongdoer

Paden said that an initial computer forensics investigation was inconclusive in 2006. The revelation of the early source code has caused Symantec to reopen the breach investigation. The company does not know if a rogue employee was to blame for the leak or if the company was penetrated by an external attacker.

“We revisited our records and logs from that time period based on the fact that all of the code that Anonymous claimed they had was for 2006 versions of software. From there, we were able to connect the dots that code actually was taken,” Paden said. “We have also not confirmed how the code came into the possession of Anonymous.”

Since the 2006 breach, Symantec said it has bolstered the security of its internal network by adding network monitoring, endpoint security and additional data loss protection technologies and controls. “We also removed many non-essential legacy domains to ensure our overall network security and redeveloped our internal security awareness and training processes,” Paden said, stressing that the security improvements were not in response to the 2006 breach.
