The long term effects of Symantec's Code Leak
1. SYMANTEC CODE RELEASED! SO WHAT?
What it means to users
The Lorenzi Group
(C) 2012 THE LORENZI GROUP LLC
2. SYMANTEC
• Largest maker of security software for computers in the world
• Based in Mountain View, CA USA
• Sample of Brand Names: Symantec, Norton, Ghost, Veritas, Endpoint
• Publicly Traded: SYMC
• F500 and S&P 500
• Employees: +18,000
• Revenue: $6B
• NOTE: Symantec, Norton, Ghost, Veritas, & Endpoint are products and brand names owned
by Symantec Corporation.
3. EVENT
• A hacker with the screen name “Yama Tough” from the Indian hacking group Lords of
Dharmaraja penetrated a 3rd party’s IT security (NOTE: This unconfirmed 3rd-party
organization held sensitive Symantec documentation) and stole the source code for
Symantec’s Endpoint and AntiVirus products.
4. RESULTS
• Confidential source code (the core software of the programs) has been released publicly
by the hackers and posted online.
• Symantec claims there will be little effect on users.
• Experts disagree with Symantec’s assessment that this is a minor event and that it will not
affect a significant number of users.
5. WHY DO EXPERTS DISAGREE WITH SYMANTEC?
1. The software isn’t as old or out-dated as Symantec makes it appear
2. The software is currently being used by many organizations around the world
3. Most software today is built to be modular, meaning that pieces are created individually
and connected together using code. This is done to create more flexibility and reduce
design costs. It is unrealistic to think that some parts or all of this leaked code is not
being used in some format or style in current or future Symantec software.
4. Even if none of the code is used in current software, the leaked and posted
documentation gives hackers and professional criminals insight into the software
languages being used by Symantec, the format of the code, the Symantec coding
process, and ideas on how Symantec thinks about software security.
6. HOW DID THIS HAPPEN?
• Set it and Forget it Security:
• Symantec and its 3rd-party organizations set up AntiVirus, AntiSpyware, and
Firewalls and do not actively monitor them.
• Symantec does not have proper BAAs (Business Associate Agreements) in place.
• Symantec does not properly audit 3rd parties that hold confidential data.
• Symantec and its 3rd parties do not proactively monitor their networks and devices for
anomalies.
• It is HIGHLY likely that “Yama Tough” or another member of Lords of Dharmaraja is an
employee of Symantec or its 3rd-party partner.
• Set It and Forget It Security is DEAD! Proactive monitoring of networks and devices
24x7, and the use of AV/AS software, Firewalls, and DLP devices, are the only way to
protect data today.
7. WHY YOU SHOULD CARE
• If you use Symantec software, you are at risk. NOTE: It can be ANY software from
Symantec, not just their AntiVirus software.
• If you have friends, family, peers, or interact with organizations that use Symantec
software, you are at risk.
• Expect to receive an increase in emails, posts, IM requests, and SPAM because of this.
Accidentally clicking on any of these may expose your data.
8. WHAT YOU CAN DO
• Run all software updates for Operating Systems and Antivirus, AntiSpyware, and Firewall
software.
• Run Software and Firmware updates for Firewalls, DLP, and other security devices.
• Educate employees on the potential new wave of threats, their risks, and how to avoid
them.
• Begin evaluating AntiVirus software from vendors other than Symantec.
• Begin proactively monitoring all traffic on network devices, including those of remote and
mobile workers.
9. THE LORENZI GROUP
Digital Forensics
Data Security
Proactive Network & Device monitoring (Lorenzi ANM)
Research & Reputation Management
866-632-9880
www.thelorenzigroup.com
info@thelorenzigroup.com