Thursday, 13th May 2021
Logo Islandinfo
Mauritius in your hands            

Find in Mauritius

Sight Seeing
Eating Out
Body & Soul
Real Estate
Mauritius Map
Mauritius Online Magazine May 2017 Issue
Expatriates in Mauritius
Mauritius Discovery
Mauritius Explore
Mauritius Escape

Forthcoming Events
in Mauritius

Events & Galleries
in Mauritius
Min: 19 Max: 27
Partly Cloudy
Other regions of Mauritius
27 Apr 2012

VMWare, the virtualisation software company, has revealed that a hacker associated with LulzSec calling himself "Hardcore Charlie" has stolen at least one and possibly many more source files for its software - and has begun posting them online.

But some have speculated that the theft may have come from a hacking attack in March on a Chinese import-export company, the China National Electronics Import-Export Corporation (CEIEC), based in Beijing, in which a terabyte (1,000 gigabytes) of data was copied. In a conversation with Kaspersky Lab, the hacker claimed to have 300MB of VMWare source code.

That would suggest that it was CEIEC which had the code originally. Documents leaked online show what look like internal VMWare letters and memos on a CEIEC letterhead and with stamps which appear official.

At the time Hardcore Charlie suggested he was seeking information on the US military campaign in Afghanistan.

In an advisory on its website VMWare confirmed that a file posted on Pastebin - a popular site with hackers who want an effectively anonymous outlet - had come from its ESX source code.

In an IRC conversation with Hardcore Charlie, Kaspersky said that he claimed to have cracked cryptographic hashes on the credentials of hundreds of thousands of email accounts with the help of another hacker, who goes by the name of @Yamatough - and who is thought to have been involved in the distribution of documents suggesting that the Indian government had put in monitoring systems for Nokia, RIM and Apple smartphones - a claim that the companies all denied. The documents were later shown to be faked.

VMWare insisted that the code dated to 2003/2004, though it did not say whether that section of the code had been changed since then. "We will continue to provide updates to the VMware community if and when additional information is available," said Iain Mulholland,
director of VMware's security response centre in a statement.

VMWare provides software which makes it possible to run multiple operating systems or environments at once on the same computer.

Hardcore Charlie is claimed by some to be a former member of LulzSec, the hacking crew that in 2011 perpetrated a number of hacks of websites, including Sony Pictures Europe and News International. Its known members included one called Sabu - later unmasked as Hector Monsegur, who turned out to have been working for the FBI as an informant since August last year.

A hacker with access to the full source code of a product could sell it to rivals, or would-be competitors, or might be able to compile it into versions that are infected with their own malware which would, for example, pass back personal details from the user's machine.

CEIEC is reckoned to have deep ties into the Chinese government and Ministry of Foreign Trade, and is a key contractor on a number of overseas projects.

Mulholland said in the statement that "the fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers."

VMWare didn't indicate whether its own systems had been breached, and seemed to widen the number of potential targets to include commercial partners: VMWare, it said, "shares its source code and interfaces with other industry particiapnts to enable the broad virtualisation ecosystem today."


« Back
Publish your article with us for free
Home | About us | Contact Us | Advertising | Link to Us | Airport   Bookmark and Share Site by: Islandinfo & Maxuz Web Agency