Sunday, January 8, 2012

Symantec's Norton AntiVirus source code exposed by hackers.


Symantec, the maker of Norton AntiVirus, has confirmed that a hacking group has gained access to some of the security product's source code.
An Indian hacking group, calling itself the Lords of Dharmaraja, has threatened to publicly disclose the source code on the internet.
So far, there have been two claims related to Symantec's source code.
First, a document claiming to be confidential information related to Norton AntiVirus's source code was posted on Pastebin. Symantec says it has investigated the claim, and that - rather than source code - it was documentation dated from April 1999 related to an API (application programming interface) used by the product.
And secondly, the hacking group shared source code related to what appears to have been the 2006 version of Symantec's Norton AntiVirus product with journalists from Infosec Island.
A hacker called "Yama Tough", who appears to be acting as a spokesperson for the gang, posted the content to Pastebin.
The content on Pastebin has since been removed, and Yama Tough's Google+ posts deleted. The hackers claim that they are working on creating mirror sites for their content, as they have felt pressured and censored by US and Indian government agencies.
It's important to underline that there is presently no reason to believe that Symantec's own servers have been breached.
Instead, it appears that the data leak may have occurred on Indian government servers - and the implication is that Symantec, and perhaps other software companies, may have been required to supply their source code to the Indian authorities.
Furthermore, it is not clear whether the source code which was accessed is relevant to up-to-date installations of Symantec's anti-virus products, and thus customers may not be at risk.
Even if it was up-to-date source code, it may be of limited use to hackers and be used more as a "trophy scalp" for a hacking group intending to generate publicity for its grievances with the Indian authorities.
It's hard not to feel sympathy for Symantec - which appears to have been caught in the crossfire between a hacking gang and the Indian authorities.
Although Symantec customers may not be at risk, it's easy to see how the software company will feel bruised by the publicity that the Lords of Dharmaraja have generated through their hack.