April 27, 2012
Hacker Looking For US Military Documents Finds VMWare Source Code
Michael Harper for RedOrbit.com
Members from the hacktivist group “LulzSec” are at it again, as source code from VMWare's ESX hypervisor technology has been leaked to a website used to anonymously host hacked files. According to a company blog, VMWare has said a “single file” from their ESX source code had been leaked and posted to Pastebin. The company also went on to say the source code is 8-9 years old.
Lain Mulholland, director of VMware's security response center, said the source code was publicly posted on Monday and said more code could be posted in the future.
“The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMWare customers,” Mulholland noted in the company's blog.
“VMWare proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today.”
VMWare is pointing the finger at LulzSec hacker “Hardcore Charlie” as the culprit of the source code leak. It appears Charlie wasn't looking for the code specifically, however. In March, Charlie had attacked a Chinese import-export company, the China National Electronics Import-Export Corporation (CEIEC). During these attacks, Charlie had copied a terabyte of data from the CEIEC's database. According to The Guardian, anti-virus company Kaspersky Lab had engaged in an IRC chat with Charlie, wherein the hacker claimed to have 300 MB of VMWare's source code.
This chain of events suggests that the CEIEC had the source code originally. Other documents have leaked online which show what appear to be internal VMWare documents on CEIEC letterhead.
When asked why he was trying to hack into the CEIEC database, Charlie said he was trying to find information about the US involvement in Afghanistan. According to The Guardian, Charlie claims to not have strong political affiliations, but was concerned the CEIEC had access to internal documents about the US involvement.
Charlie told Kaspersky he was able to break into the CEIEC after targeting email hosting firm Sina.com. Once he and his partner, known as YamaTough, stole hundreds of thousands of credentials, they were able to crack specific accounts which they found interesting. Some of these accounts belonged to workers at the CEIEC. With this information, Charlie and Tough were able to steal a terabyte's worth of data.
Just how serious is a leak of VMWare's source code?
Mulholland may have tried to downplay the seriousness of this attack, but not everyone agrees.
Vice president at Voltage Security Mark Bower said in a statement: “The real pain for the industry in this case is … the intimate knowledge attackers may now possess of possible vulnerabilities in a critical virtualization tool that is the foundation for many enterprise data centers, clouds, and applications,” according to wired.com.
In addition to the source code, Charlie and Tough also posted documents detailing US Military transport information and internal reports on business matters.
As hackers like Charlie and Tough continue to pummel large corporations and governments with their attacks, security is becoming an issue of ever-increasing importance.