
Symantec confirms theft of Norton AV source code by hackers
Firm reassures customers code at risk is old and mostly unused
Security vendor Symantec has admitted that a "segment" of its source code has been compromised after hackers claimed to have gained access to the information by attacking Indian military servers using its products.
A post on Pastebin, which has been removed but remains in the form of a Google cache, claims that the information relates to Symantec's Norton AntiVirus software and will be released online in the near future.
The security company said it was working to identify how the information had been accessed. However, it said the code in question was only used in "two older enterprise products", one of which is now discontinued, while the code itself was "four or five years old".
"We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication the code disclosure impacts the functionality or security of Symantec's solutions," the company said.
"This does not affect Symantec's Norton products for our consumer customers. Symantec's own network was not breached, but rather that of a third-party entity."
Symantec added that it did not believe any customer information was at risk, but it was still investigating the possibility.
Despite the embarrassing aspect of the theft, security firm Imperva agreed that it was unlikely to concern those at Symantec too much.
"There isn't much hackers can learn from the code, which they hadn't known before," Imperva said.
"Most of the anti-virus product is based on attack signatures. By basing defences on signatures, malware authors continuously write malware to evade signature detection.
"Furthermore, malware versions continuously evolve in such a rate where signatures cannot keep up with them in the first place. The workings of most of the anti-virus algorithms have also been studied already by hackers in order to write the malware that defeats them."
The firm added that the theft could well have occurred from an attack on the Indian military, explaining that governments often demand access to the original source code of products to ensure they are not spyware.
V3 Latest
First plant to grow on the Moon, err, dies
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite news and updates: Fortnite made $2.4bn in 2018, according to SuperData
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Japanese firm sends micro-satellites into space to deliver artificial meteor showers on demand
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago