Symantec, makers of Norton Antivirus, Norton Internet Security (and other Norton related products), as well as pcAnywhere, which allows users to access their work computer from home, have announced that they… wait for it… have been hacked by Anonymous and source code for some or all of these products have been stolen.
In case you don’t know who Anonymous is, it’s a group of infamous “anonymous” hackers that have been in the news because of their take-over of many government websites, including the Justice Department, as well as DOS attacks.
Although hackers could use the information about Norton Antivirus to create viruses to get around the antivirus software, this virus is likely to only work if the user is using Norton, and when the updates comes out for it, the source code will likely not be very useful.
However, what’s more damaging, and probably what Anonymous really wanted, was the source code for pcAnywhere. This product is used by many businesses and the purpose of the product is to allow an user to completely control another computer that has the product installed. If this isn’t a dream for a hacker, I don’t know what is. Normally, hackers are trying to install such viruses on the victims computers. They don’t have to install it, it’s already on millions of computers.
According to Symantec, they “released a patch that eliminates three known vulnerabilities” in pcAnywhere on January 23, but how many people have patched their version? Also note that once a hacker takes control of a business computer, anything that computer is allowed to do will be completely open to the hacker. This would include accessing private files on servers, changing passwords, creating new accounts and of course infecting other computers. All of which could continue to be of use to the hacker years after pcAnywhere is patched.
The big irony of a computer security company being hacked is obvious. What’s not so obvious are the ramifications of this breach, which might not be fully known for months, if ever.