Sunday, March 18, 2012

Norton Scientific Reviews: Symantec source code leaked by hackers

A group of hackers who call themselves the Lords of Dharmaraja, (and is associated with Anonymous) have published the source code of Symantec, a digital security firm know for the Norton antivirus program and pcAnywhere, raising concerns that others could exploit thesecurity holes and try to control the users computer.The release of the source code came after the 'extortion' attempt failed as Symantec did notcomply with their numerous deadlines.Negotiations through email messages between a representative of the hacker group,YamaTough, and someone from Symantec were also released online. The exchange of messages are about Symantec's offer to pay USD 50,000 for the hackers to stop disclosing thesource code and announce to the public that the whole Symantec hack was a fake, which madethem a subject of mockery for appearing to buy protection.Both sides admitted that their participation was just a trick.The hackers denied any extortion aim, saying that they never intended to take the money andwere going to publish the source code whatever happens; they simply want to humiliate them sothey played along. While Symantec said that they are not actually the one in communicationwith the hacker, but a law enforcement agent.The long negotiation worked to the favor of Symantec as they have been able to come up withpatches to theirNorton and pcAnywhere programs. Symantec has advised their users to stopusing the softwares in the meantime until they have issued more patches for them.Symantec released a statement saying that they have always been prepared for the leak of thesource code so they've made and distributed hotfixes on January to secure their users.The drawn-out negotiation is an obvious sign of a law enforcer on the other line. Delaying tacticsis one of their assets to obtain insight into the enemy. More importantly, it will create moretransactions where paper trail will be left along the way -- utilizing persons who have beeninvolved in the process and the records themselves to trace the suspects.It has been a common ploy of investigators like the FBI who deal with kidnappers or extortionists to break down the amount into several smaller payouts

Since 2006, Symantec has already suspected there has been a network breach but they werenot able to verify any data pilfering until recently when the hackers threatened them to releasethe source code of Norton.There are further reports saying that the source code of Symantec was stolen from servers of India's intelligence and military department. (They alleges that Symantec has previously givenIndia the code to guarantee the government that they contain no malicious program.) However,this was denied by Symantec -- they have already admitted that the theft happened in their ownservers and network.The security firm formerly said that the Indian group was also the one responsible for the 2006breach but retracted it today. They are now saying they're not sure who stole the source code in2006 and how they managed to get their hands on it.

No comments:

Post a Comment