Update: Symantec Hacked in 2006? Claim Raises More Questions
Symantec now claims that the company's own networks were in fact breached back in 2006, leading to the loss of proprietary product data: "...an investigation into the matter had revealed that the company's networks had indeed been compromised"...
* * *
Update: “The Lords of Dharmaraja” may have decided to alter their announced plans to release source code for Symantec's PCAnywhere software and the Norton antivirus.
YamaTough tweeted "Heil to our brothers @#antisec who support us. PCAnywhere code is being released to blackhat community for 0d expltin!" along with "We've decided not to release code to the public until we get full of it =) 1st we'll own evrthn we can by 0din' the sym code & pour mayhem."
Infosec Island asked the hacktivist for clarification, to which he replied, "it wil be but not as public release a decision was made to 0day everything we got and than make it public."
Infosec Island is currently seeking further clarification on the hacktivist group's plans.
* * *
YamaTough, the spokesperson for the hacktivist group “The Lords of Dharmaraja”, has informed Infosec Island of plans to release source code for Symantec's PCAnywhere software.
The release is to be made prior to the threatened exposure of the full source code for the 2006 version of Symantec's Norton antivirus, and the releases will apparently be coordinated through the de facto leader of the Anonymous movement known as "Sabu":
"Lords of Dharmaraja has sent #antisec Symantec source codes for 0day-plundering. All your NU+PCAnywhere base are belong to us. Release soon," Sabu tweeted on Monday, January 16, 2012.
"This coming Tuesday behold the full Norton Antivirus 1,7Gb src, the rest will follow," YamaTough had tweeted on Saturday, January 14, 2012.
The group claims that the release will demonstrate that newer releases of the remote access tool are simply re-packaged versions of previous releases with little in the way of significant changes to the software.
"Weve got some nice things resolved with other companies they are not that slow thinking as symantec but now we know that they fool people aroung by selling them software which is not rebuilt but only have nice wrapper and a few new features - PCAnywhere 2Gb code will be prior to NAV full. And Sabu shall take care of it," YamaTough told Infosec Island (quote remains unedited for grammar).
On Friday, January 13, 2012, the group claimed to have released the source code for Symantec's Norton Utilities, as had been threatened earlier in the day in an Infosec Island article comment thread:
"Today we release Norton Utilities to accompany Symantec lawsuit. Goodluck Mr.Gross with ya crusade =) Stay tuned for a link. Link will get published on our twitter, not here - of all respect to infosec staff," YamaTough posted.
The reference to "Mr. Gross" relates to a class action lawsuit filed by James Gross, which alleges that Symantec has used "scareware" tactics to induce consumers to purchase the company's products.
Reports indicate the code that was released was for the 2006 version of the Symantec product:
“The current version of Norton Utilities has been completely rebuilt and shares no common code with Norton Utilities 2006,” Reuters quoted Symantec spokesman Cris Paden as stating.
The hacktivist previously provided Infosec Island with 68 sets of usernames and passwords for compromised US government networks, as well as a file alleged to contain source code for Symantec’s Norton antivirus (NAV) software, which Symantec later confirmed was for older versions of the software dating from 2006.
YamaTough indicated that the data represented merely a “sample”, and the group may potentially have thousands of passwords for US government networks ranging from those of federal agencies to systems used by state and municipal entities.
The government network logins and source code sample, along with all communications with the hacktivist, were passed on to the proper authorities, and Infosec Island is continuing to fully cooperate with law enforcement in their investigation.
YamaTough also furnished Infosec Island with a series of statements regarding the group's recent exploits in an exclusive interview. The hacktivist group maintains its claim that the information was obtained from servers owned and operated by various ministries of the Indian government.
The usernames and passwords provide strong evidence that the Indian government may be actively engaged in espionage directed against the US government.
YamaTough has also indicated the group is in possession of data from numerous companies other than Symantec, and they have yet to decide whether or not they will make the information public, though they have stated to Infosec Island that they may be inclined to do so.
More details on the source code dumps to follow as details emerge. Stay tuned...