Indian Hackers: Threat to Symantec, Wreak Havoc
Bangalore: Symantec, one of the largest makers of security software, discovered a potential hack on Wednesday, January 4, 2012, when a large portion of confidential documentation associated with the Norton AntiVirus source code appeared on PasteBin (where Anonymous has been posting reports of its hacks, along with credit card information).
An Indian hacker group, the “Lords of Dharmaraja”, made two claims with regard to the information posted, one of which was false said a spokesperson for Symantec, as reported by Computer World.
The Lords of Dharmaraja declared to have gained access to Symantec’s source code which is the basic foundation for most of its security applications. A representative of the security giant however said, "It wasn't source code. It was a document from April 28, 1999 defining the Application Programming Interface (API) for the Definition.” The document reportedly explains the mechanism of the software, but doesn’t include any actual source code according to the company’s spokesperson.The second claim involving “additional source code” is currently under investigation. Reuters reported the developer of the popular Norton antivirus software saying that the hackers stole the code from a third party, thus not compromising any customer information remained unaffected since company's own network had not been breached.
Symantec would not confirm the claims that the hacker group had made about acquiring the source code via the Indian military. According to Reuters, Rob Rachwald, director of security strategy at data security firm Imperva said several governments in the world require security vendors’ source codes, in order to ensure that there is no component in code that could act as spyware.
“Yama Tough”, a member of the Indian hacker collective posted “As of now we start sharing with all our brothers and followers information from the Indian Militaty (sic) Intelligence servers, so far we have discovered within the Indian Spy Programme (sic) source codes of a dozen software companies which have signed agreements with Indian TANCS programme (sic) and CBI”, on Thursday and the group said that they would soon publish a Norton Antivirus source code package.Meanwhile, Christopher Sogohian, a security and Privacy Researcher tweeted about scanned documents from the Indian military on Imgur, the photo-sharing website. According to the tweet, and a report from ZDNet, the documents, (which were used for internal communications in the Indian Military) suggested Apple, RIM and Nokia provided them access to spy on the USCC (the US-China Economic and Security Review Commission).The documents contained extracts of emails sent by members of the USCC, and seeming proof that the Indian Department of Telecommunication requested the help of Interpol to decrypt messages from RIM’s Blackberry. RAW, India’s leading spy agency was recently granted permission by the Indian Government to access any citizen’s electronic communication.