Anonymous Threats Prompt Drastic Response From Symantec

By | Jan 27, 2012

In a move unheard of among technology and security experts, Symantec, maker of both the Norton line of antivirus products and remote-PC program pcAnywhere, has announced that not only was its security breached in 2006 by an unknown organization and portions of source code stolen, but that business users should pull stop using pcAnywhere until the company resolves its security issues. The warning comes after assertions by the hacker group Anonymous that it had Symantec's source code and was willing to exploit it.

A Story of Source Code

According to an article at ComputerWorld, Symantec's problems began in 2006 when an unknown hacker gained access to their system and stole source code. The company kept the information quiet until a hacker from the gang "Lords of Dharmaraja" began publishing chunks of the stolen information online earlier this month. Last week, the company acknowledged that its security had been breached.

The hacker who published the information also said that he was distributing the code to other groups, including Anonymous. By January 16, one of the most prolific members of the hacker group, anonymousSabu, Tweeted that "Lords of Dharmaraja has sent #antisec Symantec source codes for 0day-plundering." On January 24, Symantec recommended that business users disable pcAnywhere until "a final set of software updates that resolve currently known vulnerability risks."

A Matter of Symantecs

An official post by Symantec on their Web site acknowledges that both Norton and pcAnywhere are compromised, including versions 12.0, 12.1, 12.5 and pcAnywhere Thin Host. The company advises that business use the program only for "business critical purposes." All of the information made public by Symantec is quick to reassure customers that it has security precautions in place to ensure such theft never happens again and that no customer data has been accessed "at this time". The company also estimates that less than 5 percent of pre-release source codes were taken, and those came only from a very limited product line.

Despite the reassuring tone, however, the fact remains that not only did a security breach occur--six years ago--but that the public is only hearing about it now. While advertising data breaches isn't something a smart company does if it wants to stay competitive, the flaws in a system like pcAnywhere left Symantec with little choice but to advise extreme caution. Gloating, anoymousSabu said that his group had "reverse engineered their client to bypass authentication and [were] taking over corp pcanywhere servers." A speedy response was Symantec's only choice.

The Real Costs of Anywhere Access?

Symantec's pcAnywhere represents the very least of what cloud computing can do to improve access, but it also clearly shows the risks involved in letting users remotely tap into sensitive data. Breaches from an outside source may not be identified as such by programs designed to allow users entry from any location, and hacker groups already use burgeoning cloud networks to inconvenience enterprise businesses and governments.

For small and midsize businesses (SMBs), Symantec's problems represent real risk: While a hacker group like Anonymous would have little use for SMB data, that source code for remote-access applications was not only stolen but never mentioned until a serious potential breach became public knowledge means anyone with computer skill and the inclination could get access to data simply on a whim in the interim. It's no wonder security remains a top pripority for SMBs in 2012. Although cloud providers are closing obvious open doors, they are still clearly leaving the occasional window unlocked.

IBM Solution Security & Resiliency

IBM IT security expertise can help medium-sized businesses develop, implement and maintain comprehensive strategies to combat ever-evolving security threats without increasing complexity, cost, or resources required for administration.

Learn More »

More on This Topic

Three Security Concerns for 2016

By Allan Pratt on Dec 4, 2015
As we near the end of 2015, what will 2016 look like in the information security sector? Undoubtedly there be an increase in data breaches across all industries, but will businesses take the high road and inform their customers and ...