Network Associates denies hackers saw AV code

Network Associates hit back at claims that its antivirus source code was compromised by hackers who breached the firm's security systems earlier this week.

Jack Clark, European product manager at Network Associates, told vnunet.com: "No files or data were compromised by the hack."

The denial came after a group of crackers, called Insanity Zine Corp, claimed to "own" Network Associates' antivirus software. The group admitted cracking and vandalising two of the computer security giant's Brazilian sites, www.nai.com.br and www.mcafee.com.br.

Network Associates claimed the hackers did not penetrate any of its own websites, but only accessed sites hosted by a local contractor, Brazilian ISP Matrix.

Clark admitted that the security breach left the company red faced. "It's embarrassing. Using a local ISP was deemed to be a better solution at the time, as it was thought to give our Brazilian customers better performance. It appears that Matrix was slower responding to a published security vulnerability than we'd have liked them to have been," he said.

"We already had plans in place to bring the hosting of all our websites in-house. They have been accelerated and now all our servers are behind our own barriers," he added.

Matt Tomlinson, business development director at security consultant MIS, said: "If you're a security firm and you open up an international office, it is pretty naive to use a local hosting company.

"The market in South America is five to eight years behind the UK, and security is not perceived as such an important issue. This hack was the result of poor corporate decision making."

Richard Barber, technical adviser at Articom-Integralis, said Network Associates is by no means the only company that needs to review the security levels of its international partners.

"Often it appears that no security audits have been conducted at all, such as in the case of Network Associates," he said.