Hacker Steals Source Code From VMware
It’s been rough sailing for VMware this week as a hacker named “Hardcore Charlie” claims to have stolen some of the Palo Alto-based company’s source code and other documents via a Chinese military contractor. Ars Technica has some background information on the hacker with the not-so-subtle name:
This VMware source code reportedly was stolen from Chinese military contractor CEIEC, the China National Electronics Import-Export Corporation. VMware code wasn't the only target. Although the VMware connection wasn’t verified until yesterday, the hacker Hardcore Charlie told Reuters earlier this month that he hacked into CEIEC seeking information on the US military campaign in Afghanistan, and also that he was a friend of Hector Monsegur, the LulzSec leader who was caught by the FBI and pleaded guilty to criminal hacking charges.
VMware acknowledged the theft in a blog post that minimizes its significance. From VMware’s Security and Compliance blog:
Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.
The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today.
Kim Zetter of Wired tracked down an industry heavyweight who expressed concern over the theft. From Wired:
“The real pain for the industry in this case is … the intimate knowledge attackers may now possess of possible vulnerabilities in a critical virtualization tool that is the foundation for many enterprise data centers, clouds, and applications,” said Mark Bower, a vice president at Voltage Security, in a statement.
Zetter also attempts to tie this source code thievery to Symantec’s January incident involving stolen company source code.
From Wired:
The VMWare leak matches some details around a similar source code leak earlier this year involving Symantec products. Hardcore Charlie’s alleged partner in crime, YamaTough, claimed responsibility for that leak.
In February, YamaTough posted files belonging to six-year-old versions of Symantec’s source code, including its 2006 Endpoint Protection 11.0 and its discontinued Symantec Antivirus 10.2. The hacker posted the code after an alleged attempt to extort $50,000 from Symantec.
YamaTough apparently obtained the code from a hacker group calling itself the Lords of Dharmaraja. That group claimed it uncovered the source code on servers belonging to India’s military intelligence agency. But a document the group initially published with their claim, purporting to show cooperation between Symantec and the spy agency, proved to be false.
And it doesn’t look like we will be hearing the last from Hardcore Charlie. InformationWeek’s Mathew J. Schwartz wrote up a thorough article on VMware and security issues that also happens to detail Charlie’s plans for the future:
Charlie said he obtained the VMware kernel source code via March attacks against China Electronics Import & Export Corporation (CEIEC). He said he'd also attacked--and still had access to--China North Industries Corporation (Norinco), WanBao Mining, Ivanho, and PetroVietnam.
...
Charlie promised that a full-scale document dump, involving at least 1 TB of data, would also occur on May 5, including a "complete CEIEC stash of documents." He said that while they were still reviewing the documents' contents, they'd also made a number of interesting discoveries. "We want to make it clear that CEIEC is engaged in a criminal activity with Ukraine and Russian officials as of supplying Ukraine and Russia with U.S. Army information for the terrorists," he said in the Pastebin post. "In Ukraine Chinese security services enforce illegal copper mine deals through corrupted KGHMPM [KGHM (Shanghai) Copper Trading Company] officials and in Russia through Gazprom subsidiary companies."