
VMware confirms source code leak, LulzSec-affiliated hacker claims credit



nsane.forums

VMware has confirmed a leak of source code from the ESX hypervisor. The code was posted on Pastebin on April 8 by a hacker calling himself "Hardcore Charlie."

VMware confirmed the theft yesterday, and said there is a "possibility that more files may be posted in the future." The good news is that the code dates from 2003 to 2004. While VMware ESX is still heavily used, VMware is shifting customers to a newer hypervisor called ESXi, which has a smaller attack surface and is designed to be more secure.

"The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers," the company said. "VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available."

The Kaspersky Lab ThreatPost blog somewhat over-dramatically called the incident the "IT equivalent of the Deepwater Horizon oil spill disaster."

This VMware source code reportedly was stolen from Chinese military contractor CEIEC, the China National Electronics Import-Export Corporation. VMware code wasn't the only target. Although the VMware connection wasn’t verified until yesterday, the hacker Hardcore Charlie told Reuters earlier this month that he hacked into CEIEC seeking information on the US military campaign in Afghanistan, and also that he was a friend of Hector Monsegur, the LulzSec leader who was caught by the FBI and pleaded guilty to criminal hacking charges.

View: Original Article

VMware Source Code Leak Follows Alleged Hack of Chinese Defense Contractor


Source code belonging to VMware has leaked to the internet after apparently being stolen by a hacker who claims to have obtained it from a Chinese firm’s network.

The source code belongs to VMware’s ESX virtual machine software product, a popular tool for creating and operating virtual computing environments. The code was posted to the Pastebin web site, a repository for coders that has become a favorite for hackers to publish purloined wares.

VMware acknowledged the leak in a note posted to the company’s web site.

On Monday, VMware “became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future,” wrote Iain Mulholland, director of the company’s Security Response Center, in the note.

Mulholland said the code dates from the 2003-2004 timeframe and noted that the company regularly shares its source code with other industries, suggesting that the software might indeed have been stolen from a third-party network, rather than VMware’s own network.

But Mulholland, naturally, downplayed the seriousness of the leak.

“The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers,” he wrote.

Others disagree with this assessment.

“The real pain for the industry in this case is … the intimate knowledge attackers may now possess of possible vulnerabilities in a critical virtualization tool that is the foundation for many enterprise data centers, clouds, and applications,” said Mark Bower, a vice president at Voltage Security, in a statement.

A hacker who goes by the name “Hardcore Charlie” claimed responsibility for the leak and asserted that he possessed about 300 Megabytes of VMware source code, more of which would be released. He said the data was part of a cache taken from a previously reported breach of a network belonging to the Beijing-based China Electronics Import & Export Corporation, which works with the Chinese military.

The hacker told Reuters earlier this month that he had targeted CEIEC in an effort to uncover documents about the U.S. government’s involvement in Afghanistan. He said he worked with another hacker who goes by the name YamaTough.

Hardcore Charlie told security firm Kaspersky that they got to CEIEC and other firms after first targeting Sina.com, an email hosting firm. After stealing the credentials of hundreds of thousands of accounts, the hacker said they cracked the cryptographic hashes on credentials for interesting accounts, such as ones belonging to workers connected to CEIEC and other firms, and then purloined more than a terabyte of data from those company networks.

Earlier this month, he posted documents from those breaches, some of which purport to be U.S. military reports and shipping documents related to Afghanistan.

Although VMware has confirmed the authenticity of its leaked source code, the authenticity of the U.S. military documents published by the hackers, or the story about how the breaches were accomplished, has not been verified.

The VMware leak matches some details around a similar source code leak earlier this year involving Symantec products. Hardcore Charlie’s alleged partner in crime, YamaTough, claimed responsibility for that leak.

In February, YamaTough posted files belonging to six-year-old versions of Symantec’s source code, including its 2006 Endpoint Protection 11.0 and its discontinued Symantec Antivirus 10.2. The hacker posted the code after an alleged attempt to extort $50,000 from Symantec.

YamaTough apparently obtained the code from a hacker group calling itself the Lords of Dharmaraja. That group claimed it uncovered the source code on servers belonging to India’s military intelligence agency. But a document the group initially published with their claim, purporting to show cooperation between Symantec and the spy agency, proved to be false.

Symantec later said it believed the files might have been taken during a previously undisclosed breach of its own network in 2006.

Original Article: Wired
