Symantec says source code stolen in 2006 hack

Backtracking on earlier statements blaming a third party, the security software maker acknowledges that hackers infiltrated its own networks.

Steven Musil Night Editor / News

Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.

Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.

See full bio

Steven Musil

Jan. 17, 2012 4:13 p.m. PT

2 min read

Symantec said today that a 2006 security breach led to the theft of source code for some of its flagship products, backtracking on earlier statements that its network had not been hacked.

The security software maker, which had previously blamed the theft on a third party, acknowledged that hackers had infiltrated its own networks. The hackers obtained 2006-era source code for Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks (Norton Utilities and Norton GoBack), and PCAnywhere, the company said in a statement.

"Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006," a Symantec representative said in a statement.

The software maker said that due to the age of the exposed source code, most Symantec customers are not in any increased danger of cyberattacks as a result of the code's theft. However, the company said users of its remote-access suite PCAnywhere may face a "slightly increased security risk," and that the company is in the process of notifying those users of the situation and providing them a remedy to protect their data.

The theft came to light earlier this month, when hackers claimed that they had accessed the source code for certain Symantec products, which Symantec identified as Symantec Endpoint Protection (SEP) 11.0 and Symantec Antivirus 10.2. Evidence suggested that hackers found the code after breaking into servers run by Indian military intelligence.

A hacker group calling itself Yama Tough and employing the mask of hacktivist group Anonymous in its Twitter avatar said in a tweet Saturday that it would release 1.7GB of source code for Norton Antivirus today. However, the group said in a tweet today that it had decided to delay the release:

"We've decided not to release code to the public until we get full of it =) 1st we'll own evrthn we can by 0din' the sym code & pour mayhem."

It is believed that "0din" stands for "zero-daying," the practice of attacking users of unpatched software.

Symantec said it has instituted a number of policies and procedures since 2006 to prevent a similar security breach from occurring again.