Symantec Says Anti-Virus Source Code Was Stolen Years Ago

The case of the stolen Symantec software is getting curiouser and curiouser.
Source: SecurityNewsDaily

Earlier this month, a new Indian hacking group calling itself the Lords of Dharmaraja claimed to have stolen the source code for Symantec anti-virus software from Indian military-intelligence servers. Symantec first denied the code was legitimate, then admitted it was, but said the code had been taken from someone other than Symantec.

Later, the Lords of Dharmaraja showed off purported Indian internal intelligence memos that implied Apple, Nokia and BlackBerry maker Research In Motion had given India "backdoors" to decrypt emails sent from their smartphones. The memos included examples of emails sent between U.S. government staffers. (The smartphone makers have denied the allegations.)

Now Symantec has done another U-turn. It tells Reuters that the stolen code was in fact taken from Symantec servers, that the code pertained to more software than originally admitted — and that it happened six years ago.

And unnamed American intelligence officials in a different Reuters story say the emails were probably stolen by Chinese, not Indian, hackers.

Instead of code pertaining to Symantec business-market software, the hackers got hold of code for the consumer products Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere, Symantec spokesman Cris Paden told Reuters.

An internal investigation following the Lords of Dharmaraja postings apparently revealed that Symantec's networks had been penetrated in 2006.

Paden assured Reuters that customers of current Norton software were at no risk, but that users of pcAnywhere faced "a slightly increased security risk."

As for the intelligence memos, Reuters said U.S. officials who wish to remain anonymous think the emails are real, but that the target was a Washington, D.C.-based private organization called the National Foreign Trade Council (NFTC).

The head of the NFTC, William Reinsch, formerly headed the U.S.-China Economic and Security Review Commission (USCC), a congressional commission that analyzes and reports on bilateral American-Chinese relations.

The emails publicly posted by the Lords of Dharmaraja were exchanged among USCC staffers. Reuters said it has a larger sample of the stolen emails, and that a large part of them are traffic to and from Reinsch's NFTC address.

Reinsch told Reuters he couldn't think of any reason Indian intelligence officials would want to read USCC or NFTC emails — but that Chinese intelligence would be very interested.

Reinsch said the NFTC learned in November that its email traffic had been intercepted, and alerted the FBI.

The posted USCC emails span a week between Sept. 28 and Oct. 5, 2011.

Meanwhile, the Lords of Dharmaraja, who had announced they would be releasing all the Symantec source code they had this week, have changed their minds.

Instead, group spokesman YamaTough said via Twitter on Monday that the pcAnywhere code would be given to malicious hackers to craft "zero-day" attacks that anti-virus software would be unable to stop.