The information security community was abuzz recently after a cybercriminal organization known as the Lords of Dharmaraja claimed to have stolen the source code underlying Symantec Security's antivirus software. Company officials came forward to confirm that these allegations were – at least in part – true.
According to PCWorld, the group may have been able to exploit vulnerabilities within India's intelligence infrastructure. As a result, Symantec could be one of many Indian government contractors to have their intellectual property exposed in the coming weeks.
"As of now we start sharing with all our brothers and followers information from the Indian Military Intelligence servers, so far we have discovered within the Indian Spy Programme source codes of a dozen software companies which have signed agreements with Indian [government agencies]," the group revealed in a statement released to online forums. "Now we release confidential documentation we encountered of Symantec Corporation and it's Norton AntiVirus source code."
Upon viewing the hackers' release, Symantec senior manager of corporate communications Cris Paden immediately questioned the veracity of those claims, suggesting to PCWorld that the material was likely obtained from documents dating back to 1999. However, amid continuing investigations, the company has been forced to reexamine to gravity of the incident.
"Symantec can confirm that a segment of its source code has been accessed. Symantec's own network was not breached, but rather that of a third-party entity," Paden explained in a statement emailed to Infosec Island. "Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec's solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time."
Despite these assurances, it may be too early to determine the full impact of the illicit activity. According to Infosec Island, the hackers may still be holding onto more recent versions of the software's coding for their own personal use. Furthermore, the source of the breach could have serious implications for major corporations around the world.
The incident is a prime example of what Forbes staff writer Eric Savitz recently labeled the "$100 billion problem no one is talking about." Savitz suggested that, if current trends hold, data security woes will cost the U.S. economy $290 billion by 2018 as domestic intellectual property falls into the hands of foreign operatives.
Security News from SimplySecurity.com by Trend Micro