Virtualization Technology News and Information
VMware Source Code Leak Highlights Virtualization Security Concerns

The leaking of VMware's hypervisor source code discussed last week is once again shining a spotlight on the issue of security in virtualized environments as more details are coming to the surface.

The source of the leak was suspected to be a Chinese import-export company, the China National Electronics Import-Export Corporation (CEIEC), which was attacked by hackers in March. At the time, it was reported that as much as a terabyte of data had been stolen. CEIEC officials released a statement on April 4, ahead of the announced VMware code leak, denying that their systems had been compromised and calling the assertions in the media "totally groundless, highly subjective and defamatory."

On April 24, Kaspersky Lab's ThreatPost blog pointed to a hacker calling himself "Hardcore Charlie" as the person who leaked the files. According to ThreatPost, the breach at CEIEC can be traced back to an attack on an email hosting company, where email accounts were compromised.

Hardcore Charlie confirmed in IRC conversations with Kaspersky that the stolen data could be traced back to the breach of server resulting in thousands of email accounts being compromised. He went on to say that he enlisted help from other hackers such as @YamaTough in order to crack the cryptographic hashes securing the Sina data. The hack of gave the attackers access to a number of firms in the Asia-Pacific region, and they collected more than a terabyte of data from those companies. Hardcore Charlie told ThreatPost he downloaded more than 300MB of source code from VMware.

Hardcore Charlie also spoke with Reuters earlier this month, telling the news service that he was a 40-year-old Hispanic man in a country near the United States and was a friend of Hector Xavier Monsegur, the reported leader of the hacktivist group LulzSec.

Hardcore Charlie said the leak was done to highlight the need for greater discussion around security, and not for profit. He also said he had a lot more VMware data that he will make public.

So just how serious is a leak of VMware's source code? VMware's Mulholland may have tried to downplay the seriousness of this attack, but not everyone agrees.

"Virtualization is mainstream and over 50% of enterprise datacenters are now virtualized," said Eric Chiu, president & founder of HyTrust. "Because of this success, virtual infrastructure is a prime target for attack - so the theft of VMware ESX source code, similar to RSA's breach last year, is no surprise. Platform security for virtual infrastructure is a must -- without securing the virtual infrastructure, enterprises are leaving a huge area of their datacenter open to attack."

A zero-day vulnerability in ESX could pose significant problems for VMware and for the company's entire list of cloud service providers whose infrastructure runs on the hypervisor. The specifics of the leaked code are still in question; however, the mere availability of ESX source code could give attackers a better chance of finding undiscovered vulnerabilities. The seriousness of this exposure depends on the level of code audit the leaked code has already been subjected to.

"While details are sketchy, this attack once again shows that even the best prepared firms can have risks from consequential third party access to data out of their control," said Mark Bower, data protection expert and VP at Voltage Security, leader in data-centric security and simplified key management. "The real pain for the industry in this case is less about counterfeit VMware instances, but the intimate knowledge attackers may now possess of possible vulnerabilities in a critical virtualization tool that is the foundation for many enterprise data centers, clouds, and applications."

Bower continued: "Nobody should be assuming that security by obscurity is the way to protect critical data - that's been the case since the 1800's (the well-known Kirchhoff's Rule). This incident again underpins the industry's critical and growing need to adopt a data-centric security approach - so irrespective of where data may reside, even in vulnerable systems, it stays protected until the moment it's needed. And in the attackers' hands, it's useless - even if they know exactly how the container the data is in functions and can itself be compromised."

In addition to VMware's source code, Charlie also posted documents detailing US military transport information and internal reports on business matters. As hackers like Charlie continue to attack large corporations and governments around the world, security is becoming an issue of ever-increasing importance.

Published Monday, April 30, 2012 7:12 PM by David Marshall