A 2006 cyber breach may have impaired Symantec's government customers

Hackers poached the secret ingredients to one of the antivirus company's corporate products and several consumer applications.


Revelations this week that hackers stole the master keys to Symantec's antivirus programs in 2006 suggest the firm's former federal customers and current remote access users may be dealing with vulnerable software.

Reuters reported Tuesday that hackers released some of the source code earlier this month and planned to release more this week, although it wasn't clear why they were doing this six years after the theft.

The maker of popular computer security products disclosed that intruders obtained the source code -- the underpinnings of software -- for Norton Antivirus Corporate Edition, which was used by government agencies. Of the compromised offerings, only pcAnywhere, which is not suited for organizationwide use, is still on the market. The tool allows one computer to remotely control another computer.

The Defense and Veterans Affairs departments have solicited pcAnywhere products, according to the government procurement website FedBizOpps.gov. The Defense, Veterans Affairs, Commerce, Homeland Security and State departments, along with the General Services Administration, all have purchased Symantec items since January 2006, the site states.

Symantec told Reuters on Tuesday that an investigation this month revealed the company's networks had been penetrated. Earlier this month, the company maintained that hackers stole the code from a third party.

Current customers, including federal agencies and private companies, are no longer using the affected corporate edition because it is no longer sold or supported, according to Symantec spokesman Cris Paden. "No enterprise would be using an antivirus solution that can't be updated and hasn't been updated in years," he said.

Paden said Symantec has contacted users of pcAnywhere to instruct them on necessary precautions. The directions include installing "endpoint security" that protects points along a network accessed by remote devices. In addition, companies should set password retry limits to block users who surpass a certain number of login attempts and require users to create strong passwords.

All users, except those on pcAnywhere, are protected if they are using current versions of Symantec products, Paden said. "They don't need to upgrade or change software. Just make sure it's updated, which it will be particularly if the auto-update function is turned on," he added.

The other products targeted in 2006 include Norton SystemWorks, which has been discontinued, and Norton Internet Security, which was rewritten in 2009, he said.

Some computer security analysts say Symantec's current products likely contain elements of the stolen code unless the software has been completely overhauled.

Paden said the earlier code cannot be used to reengineer products or concoct fake updates. "And because the code is so old, it inherently limits the effectiveness of any attack that anyone would try to develop," he said. "They can try, but the attack itself will look like it's from 2006."

When asked if unauthorized users targeting agencies had taken advantage of the exploit, Paden said, "we have no indications at all that any cyberattacks have transpired as a result of the stolen code."

In a similar, although apparently more severe incident, hackers last year obtained intelligence from federal security contractor RSA that was later used to break into defense supplier Lockheed Martin Corp.'s networks.
