Symantec Confesses to P0wnage? Maybe Not?
Symantec has been p0wn3d according to hackers. And after strong denials of a penetration the hacker group came forward and promised to release PCAnywhere to blackhat for penetration testing. Suddenly Big Yellow sings a new tune and admits “yeah, maybe all our software was stolen or something.”
From Computerworld here:
Symantec backtracks, admits own network hacked- Warns pcAnywhere users they face increased risk, confirms theft of source code of prominent consumer programs
Symantec today backed away from earlier statements regarding the theft of source code of some of its flagship security products, now
Previously, Symantec had denied that its own network had been breached, and instead pointed fingers at an unnamed “third party entity” as the attack’s victim. Evidence posted by a hacker nicknamed “Yama Tough” — a self-proclaimed member of a gang calling itself “Lords of Dharmaraja” — indicated that the information was obtained from a server operated by the Indian government.
Two weeks ago, Symantec spokesman Cris Paden said that the hacker made off with source code of Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2, enterprise products between five and six years old.
Today, however, Paden said that source code of Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere, had been stolen.
Yama Tough promised to release more than a gigabyte of the source code for Norton Antivirus — the hacker did not specify which version — but he said the group has since reconsidered.
“We’ve decided not to release code to the public until we get full of it,” Yama Tough wrote on Twitter Monday. “1st we’ll own evrthn we can by 0din’ the sym code & pour mayhem.”
In the message, “0din'” likely stands for “zero-daying,” meaning attacks launched against unpatched vulnerabilities.
Also on Monday, Yama Tough claimed that he had some or all of the source code for pcAnywhere, a multi-platform remote access suite that Symantec sells.
“PCAnywhere code is being released to blackhat community for 0d expltin!,” said Yama Tough, again on Twitter.
I love to crow as much as anyone about Symantec falling on its face, but this LoD Yama Tough guy keeps providing links to files that just don’t exist. If he is an uber haxor he seems to be doing it wrong. He may be just another yokel running around with a Guy Fawkes avatar who thinks they are l33t.
I think Symantec might be playing it safe by suggesting the attention to their files may bring concentrated efforts at cracking their software.
