Symantec Source Code Released Today, Says Hacker
Anonymous promises to release the source code of Norton Utilities later today in celebration of the related class-action lawsuit filed against Symantec earlier this week.
On Friday, hacker Yama Tough, one of the "Anonymous Avengers of Indian Independence Frontier," said on Twitter that the hacktivist group will release on Friday stolen Norton Utilities source code to accompany the current class-action lawsuit filed against Symantec in California.
The news follows a similar threat last week made by the hacker group Lord of Dharmaraja who claimed to have retrieved the source code while raiding servers of the Indian Military Intelligence. The group posted the source code's documents as proof of their bounty, and promised to release the actual data once the download mirrors were established.
"We are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies," the group said.
Eventually Symantec confirmed that a segment of Norton's source code used in two of the older enterprise products was retrieved, one of which has been discontinued. However the company's own network wasn't breached in order to gain access to the code, but rather it was grabbed from a third party's server.
"We are still gathering information on the details and are not in a position to provide specifics on the third party involved," Symantec said last week. "Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time."
On Friday company spokesman Cris Paden said Symantec had no additional information, "particularly with regards to any new claims Anonymous is making."
On Tuesday, James Gross, a resident of the state of Washington, filed a class-action lawsuit in District Court in San Jose, California, against Symantec, accusing the security firm of using scareware tactics to sell its products. Scareware is typically malicious software used to scare consumers into buying products by making false claims in pop-up notifications like "you're PC is infected" or "your PC might be running too slow."
According to the lawsuit, Symantec allegedly distributes a trial version of Norton Utilities, PC Tools Registry Mechanic and PC Tools Performance Toolkit that uses a separate software scanner to diagnose the consumer's system. This scanner then reports that harmful errors, privacy errors and other problems exists on the PC even if the machine isn't experiencing those problems.
"The software is falsely informing the consumer that errors are high priority and in addition it is falsely informing the consumer that their overall system health and privacy health is low," said Chandler Givens, an attorney with Edelson McGuire LLP, the firm that filed the suit on behalf of Gross.
The lawsuit later labels Norton Utilities and PC Tools as forms of scareware. As previously mentioned, Norton Utilities is the source code Anonymous threatens to release sometime today.