Anonymous dumps VMware source code in hacking spree

Hackers affiliated with the Anonymous group have posted a number of pieces of hacked data, include VMware source code and purported OCSE documents, as part of protests linked to Guy Fawkes day.

VMware confirmed that source code posted on Sunday was genuine, and recommended that customers apply patches.

"Today, November 4, 2012, our security team became aware of the public posting of VMware ESX source code dating back to 2004," said VMware director of platform security Iain Mulholland in an advisory. "By applying the combination of the most current product updates and the relevant security patches, we believe our customer environments will be best protected."

The code-dump was publicised by a hacker called 'Stun' in a Tweet on Sunday, and uploaded to the 1337X torrent site.

"It is the VMkernel from between 1998 and 2004, but as we all know, kernels don't change that much in programs, they get extended or adapted but some core functionality still stays the same," said Stun in text accompanying the dump.

VMware said in its advisory that the code leak was linked source code that was publicly posted in April 2012.

"It is possible that more related files will be posted in the future," said Mulholland. "We take customer security seriously and have engaged our VMware Security Response Centre to thoroughly investigate.

The Anonymous 'hacktivist' group, which uses Guy Fawkes masks from the 'V for Vendetta' graphic novel and Warner Bros film as a symbol, publicised a number of alleged document leaks on Sunday and Monday around Guy Fawkes day.

The Anonymous Intelligence Agency (Par:AnoIA) claimed a dump of documents from the security, human rights and election observation group the Organization for Security and Cooperation in Europe (OSCE). The dump was to draw attention to alleged falsifications in election results in the Ukraine last week, Par:AnoIA said.

AntiSec, a group of hackers affiliated with Anonymous, issued a 'teaser' document with claims of access to data from intelligence company Stratfor, credit card details from 'US officers', and a list of allegedly compromised emails from Colombian prisons.

As part of its alleged data disclosure, Anonymous released purported PayPal data to the PrivatePaste document site, it claimed in a Tweet on Sunday.

"PayPal hacked by Anonymous as part of our November 5th protest," said part of the Tweet.

The documents on PrivatePaste were unavailable to view on Monday. PayPal head of PR Anuj Nayar said the company was looking into the alleged breach in a Tweet on Monday.

"We're investigating this but to date we have been unable to find any evidence that validates this claim," said Nayar.

Sign up to our newsletters