Symantec Customers at Risk Thanks to Source Code Theft

The idea of being hacked is a scary one, and the importance of protecting your computer from viruses and malware can’t be understated. It’s even scarier to think about what could happen if a security software manufacturer got hacked. Unfortunately, that’s exactly what happened to Symantec six years ago.

In 2006, hackers got their hands on the source codes for Symantec’s Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere, Symantec spokesman Chris Paden told Reuters, as the company recanted its past denial and admitted that the hackers infiltrated its network. The hackers released the source code to a 2006 version of Norton Utilities a week before they announced their plans. Their reasons for releasing the codes so many years after the initial theft are as yet unknown.

Source code theft is a serious matter because the source code contains detailed instructions and notes that explain the design of the software. According to those who know a thing or two about software programming, despite the age of the codes, certain aspects of each software program could be vulnerable to attack unless Symantec’s latest versions are completely new. It’s like a writer who goes back every year and re-writes an article to fit the needs of a new publication. Certain aspects of the article remain unchanged while others have been altered or updated. The source codes of Symantec’s updated software have been rewritten in much the same way. So, although the risk to people who have the latest version of the software is infinitesimal, it does exist.

Users of Symantec’s pcAnywhere, which allows people to easily connect to computers or servers from remote locations, are the most at risk. According to Paden, the company is letting those customers know what happened and how to protect themselves.

Source codes are usually as heavily guarded as Fort Knox or the recipe for Coke. Only certain people have full access to them, thereby increasing the odds against internal corporate espionage at the hands of a disgruntled or greedy employee. Let’s face it, not every competitor can be counted on to be as honest as Pepsi. The people who stole Symantec’s source codes seem to have a different agenda from selling the codes to McAfee or Webroot or any of Symantec’s other competitors.

The hackers have a spokesman of their own named “Yama Tough,” and on Jan. 16, 2012, Yama Tough went on Twitter and promised to “release more code to the public … and pour mayhem,” according to Greg Keizer in his article for Computerworld.

The Internet is fraught with dangers, so everyone should have some sort of protection on his computer and mobile devices. But who protects the protectors? Nobody is safe from hackers, not even companies like Symantec. The good news is that the company did come forward to alert its most at-risk customers about the source code theft and told them how they can protect themselves from Yama Tough and his cohorts.