Symantec hacked and tried to keep everyone quiet

Symantec has been in the media spotlight over the past 2 months since Indian hackers announced that they have full source code for some of Symantec’s flagship products.

Rather than writing about Symantec like traditional media do and make everyone feel sorry about them, let’s examine some facts and see if you should be really using Symantec products now that everything is out in the open.

What prompted me to write this article is Symantec’s latest blunder where they tried to negotiate with hackers (Lords of Dharmaraja) and offered them $50.000 just to keep quiet and not to release the source code publicly. It’s obvious from the style of writing and terms used in that negotiation that it was run by the FBI but the whole sting was run from Symantec’s IP addresses and for that they are guilty as hell and they should never be trusted again. “Symantec” also wanted Lords of Dharmaraja to release a statement that the group did not hack Symantec during 2006. As a non-technical user you might not see anything wrong with that but the impact on Symantec’s user base is huge and I just can’t believe that they want to sweep everything under the rug and let millions of users open to 0day vulnerabilities.

Some of the source code is from 2006. Symantec never publicly admitted that breach and they still claim that they don’t know how their source code was found on Indian Government servers. Just imagine how many exploits a talented team of government programmers could have developed over the past 6 years. Also consider that a recent ip scan found 1.4million  hosts worldwide running Symantec PC Anywhere software basically screaming hack me hack me!!. Many of those systems are Point of Sale systems accessible remotely by their support companies and staff and the implications are HUGE seeing that I’ve already found 2 active 0days posted on Twitter and the source code release is less than 12h old.

pcAnywhere source code was posted on The Pirate Bay torrent site some 12h ago and had already been downloaded more than 600 times.

The message says: "Symantec has been lying to its customers. We exposed this point thus spreading the world that ppl need" - #AntiSec #Anonymous
Spread and share!

If you are unfortunate enough to have pcAnywhere installed on your network or on your client PC’s I would suggest you to disable it immediately and switch to a different program before hackers find your publicly exposed machines running vulnerable software.

I was hoping that Symantec would be more open and transparent about this issue but all I see from them is attitude such as “lets accuse the bad guys” with headlines such as “‘Anonymous’ group attempted to extort a payment from Symantec” rather than to tell people we messed up, this is how it happened, what’s at risk and you shouldn’t really be using our software anymore.

Lords of Dharmaraja  are expected to release other source code in their possession such as 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security. Meanwhile Symantec is still claiming that their software is safe as long as it’s patched. God help us all, let us all buy Symantec products because they are safe. What a fool I was for worrying for no reason.

Follow YamaTough on Twitter (Lords of Dharmaraja)
Logo by Freelancer00

Article by: Adam Moskin