Symantec Hack Exposes Antivirus Source Code
By Nicola Leske
(Reuters) - Symantec Corp, the top maker of security software, said hackers had exposed a chunk of its source code, which is essentially the blueprint for its products, potentially giving rivals some insight into the company's technology.
The developer of the popular Norton antivirus software said the hackers stole the code from a third party and that the company's own network had not been breached, nor had any customer information been affected.
The software maker would not confirm the claim of a group called the Lords of Dharmaraja, who said that they had obtained Symantec's source code by hacking the Indian military.
Some governments ask their security vendors to provide their source code to ensure there is nothing in the code that could act as spyware, said Rob Rachwald, director of security strategy at data security firm Imperva.
Microsoft Corp, for example, in 2003 began allowing governments including Russia and international organizations such as NATO to look at the source code for its Windows operating system to dispel rumors that it had a secret "back door" built in to let the U.S. government spy on its users.
Symantec downplayed the risks, saying the exposed code was several years old.
A software maker's intellectual property, specifically its source code, is its most precious asset. Symantec's Norton Internet Security is among the most popular software available to stop viruses, spyware, and online identity theft.
"The workings of most of the anti-virus' algorithms have also been studied already by hackers in order to write the malware that defeats them," Rachwald said in a blog on the Imperva website.
Unlike hackers who aim to get around firewalls and software protection, rivals could be more interested in having the source code to study the market leader's software, Rachwald said.
On Thursday, the Lords of Dharmaraja said on the information-sharing website pastebin that it would soon list a Norton antivirus source code package. A person using the handle "Yama Tough" posted several items in an effort to prove the group had accessed the code.
(Reporting by Nicola Leske in New York, additional reporting by Jim Finkle in Boston, editing by Matthew Lewis)
Full Article: Huffington Post