VMWare source code leaked

VMWare has a crisis on its hands after a website posted a file of the VMware ESX source code.

Kaspersky Labs’ ThreatPost reported that a hacker named ‘Hardcore Charlie’ downloaded 300MB of VMware source code from a system belonging to the China Electronics Import-Export Corporation (CEIEC), a company that does contracting work for the Chinese military.

No one knows how VMware’s source code ended up on CEIEC’s computers but the Chinese were probably evaluating it to make sure there were no CIA backdoors.

Hardcore Charlie earlier broke into CEIEC’s computers and extracted thousands of documents from the company’s servers. The VMware source code that was posted on Pastebin this week appears to have been one of those documents.

Iain Mulholland, who is the director, VMware Security Response Centre downplayed the incident even if there was also a possibility that more files may be posted in the future.

The code and associated commentary dates to the 2003 to 2004 and is somewhat elderly.

The fear is that hackers might pull the code to bits to look for flaws which they can use to attack corporate computers. But Mulholland did not think that the source code may have been publicly shared meant any increased risk to VMware customers.

He said that VMware proactively shares its source code and interfaces with other industry participants. This makes sure that the virtualisation “ecosystem” works.

However, he said that VMWare has hired internal and external resources, including the VMware Security Response Center, to thoroughly investigate.

It will issue any updates to the VMware community if and when additional information is available, he said.