
Wednesday, February 8, 2012

Symantec’s pcAnywhere Source Code Published

Back in 2006, hackers managed to download the source code of Symantec software after successfully gaining access to Symantec’s infrastructure. During the operation they obtained the source code of Norton Antivirus Corporate Edition, Norton Utilities, Norton GoBack, pcAnywhere and Norton Internet Security.

The incident came to light only recently, when hackers started to upload code sneak peeks and information to the Internet.

Symantec then asked users of pcAnywhere to stop using the software so that any arising risks could be analyzed and mitigated. Symantec later released a security recommendations whitepaper that described possible risk scenarios:

  • The encoding and encryption elements within pcAnywhere are vulnerable, making users susceptible to man-in-the-middle attacks, depending on the configuration and use of the product. If a man-in-the-middle attack should occur, the malicious user could steal session data or credentials.
  • A secondary risk: If a malicious user obtains the cryptographic key, they can launch unauthorized remote control sessions and thus access systems and sensitive data.
  • If the cryptographic key itself is using Active Directory credentials, it is also possible for attackers to perpetrate other malicious activities on the network.
  • In an internal pcAnywhere environment, if a network sniffer was in place on a customer’s internal network and the attacker had access to the encryption details, the pcAnywhere traffic could be intercepted and decoded. This implies that a customer either has a malicious insider who planted the network sniffer or has an unknown Botnet operating in their environment. As always, security best practices are encouraged to mitigate this risk.
  • Since pcAnywhere exchanges user login credentials, the risk exists that a network sniffer or Botnet could intercept this exchange of information, though it would still be difficult to actually interpret the data even if the pcAnywhere source code is released.
  • For environments with remote users, this credential exchange introduces an additional level of exposure to external attacks.

This information was later removed from the whitepaper after a patch had been issued.

The hackers have in the meantime released email correspondence on Pastebin. Here it gets a bit blurry, as both sides apparently tried to broker a deal that would prevent the source code from being released to the public. According to Symantec, it was a sting operation from the very beginning. The hackers, on the other hand, stated that they tried to “humiliate them” further.

A torrent of the source code has since been released on the popular BitTorrent indexing site The Pirate Bay, where it quickly climbed into the top 5 seeded files of the Misc category.


The hackers have already announced that they will also release the Norton Antivirus source code.

Should Norton and Symantec customers be worried about the source code release? Symantec stated that users who have upgraded the products to the latest version have nothing to worry about.


