An Indian hacker group has made good on its threats to publish stolen Symantec source code. The disclosure comes after ransom negotiations -- which the company said involved law enforcement agencies on a $50,000 sting operation -- stalled.
A hacker who goes by the handle YamaTough, and who is associated with the Lords of Dharmaraja, an Indian group affiliated with Anonymous, published the source code to Symantec's pcAnywhere. The software allows users to remotely access and control other computers. YamaTough appears to have published the code on Pirate Bay.
"Symantec can confirm that the source code for pcAnywhere has been posted publicly. It is part of the original cache of code for 2006 versions of the products that Anonymous has claimed to possess throughout the past few weeks," Symantec said in a statement. "Symantec was prepared for the code to be posted at some point and has developed and distributed a series of patches since Jan. 23rd to protect pcAnywhere users against known vulnerabilities."
Get Patched Now
That said, Symantec is continuing to urge pcAnywhere customers to ensure that pcAnywhere version 12.5 is installed, apply all relevant patches that have been released and follow general best practices. And Symantec warned that there may be more fallout before the drama is over. Specifically, the firm expects Anonymous will post the rest of the code it has claimed to have in its possession.
"So far, they have posted code for the 2006 versions of Norton Utilities and pcAnywhere. We also anticipate that at some point, they will post the code for the 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security," Symantec said. "As we have already stated publicly, this is old code and Symantec and Norton customers will not be at an increased risk as a result of any further disclosure related to these 2006 products."
In all, four products were affected: pcAnywhere, Norton Antivirus Corporate Edition, Norton Internet Security and Norton SystemWorks. Symantec spokesman Cris Paden said that, of those four products, only pcAnywhere is still sold -- all of the others have been phased out and discontinued, or totally rebuilt.
What's Next in Security?
Should companies expect more extortion attempts and source code publishing? Seeing as this particular extortion attempt was unsuccessful -- the hackers haven't made any money -- Graham Cluley, a senior security analyst at Sophos, said perhaps not.
Next question: Is this the beginning of a new trend in security threats or an isolated incident? And what lesson can security researchers and enterprises alike learn from the Symantec incidents?
"We don't know enough about how the hack -- which took place some years ago at Symantec -- happened, so it's hard to learn any useful lessons," Cluley said. "One thing is clear though -- all companies should be on their guard. If it can happen to companies as big as Symantec and RSA, it could happen to you. Make sure you have defenses in place to lower the chances of your firm being the next victim."