VMware Source Code Stolen From Chinese Military Contractor

Source code for VMware’s ESX hypervisor has been stolen – apparently  from a Chinese military contractor – and posted online, by a hacker affiliated with LulzSec.

VMware has confirmed the leak and attempted to downplay the seriousness, but admitted that more source code may be released. The leak, similar to the breach of RSA’s SecurID last year, could allow attackers to compromise VMware installations, . The hacker involved in this breach, calling himself Hardcore Charlie, has claimed to have more  source code from EMC (parent of both VMware and RSA) to reveal.

Charlie and the hack factory

The code was taken from military contractor China National Import & Export Corp (CEIEC), which was reported to have been breached in March. Piecing together statements from Hardcore Charlie’s tweets, it seems the hacker, who is clearly a supporter of Anonymous and Lulzsec, stumbled onto a jumble of VMware documents by chance.

“The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers,” said Iain Mulholland, Director, VMware Security Response Center in a blog, which revealed that VMware regularly shares source code with partners.

“VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today,” said Mulholland. “We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.”

How good is your security knowledge? Try our quiz.