Intel is investigating the alleged leak of more than 20 GB of its internal documents, which have been uploaded to a public file-sharing service.
Till Kottmann, a Swiss software engineer, published the classified documents on the MEGA website, revealing that they were received from an anonymous hacker who claimed to have breached Intel earlier in 2020.
Kottmann manages a Telegram channel where he posts data that is accidentally leaked from leading tech firms through online web portals, cloud servers, and misconfigured Git repositories.
Kottmann dubbed the leaked data "Intel exconfidential Lake" and said that much of the information is under strict non-disclosure agreement (NDA) and has not been published anywhere.
"They were given to me by an Anonymous Source who breached them earlier this Year, more details about this will be published soon." — Tillie 1312 Kottmann #BLM (@deletescape) August 6, 2020
"An overview of the contents: https://t.co/cYt8Y4j3CQ pic.twitter.com/bqruJF2kNn"
According to Kottmann, the initial release contains documents related to:
- Kabylake (Purley platform) BIOS reference code and sample code + initialisation code
- Intel ME Bringup guides + (flash) tooling + samples for various platforms
- Silicon/ FSP source code packages for various platforms
- Intel Consumer Electronics Firmware Development Kit SOURCES
- Various development and debugging tools
- Simics Simulation for Rocket Lake S
- Intel's binaries for camera drivers created for SpaceX
- Kabylake FDK training videos
- Schematics, Docs, Tools + Firmware for unreleased Tiger Lake platform
- Elkhart Lake Silicon Reference and Platform Sample Code
- Intel Trace Hub + decoder files for various Intel ME versions
- Verilog stuff for various Xeon Platforms
- Bootguard SDK (encrypted zip)
- Debug BIOS/TXE builds for various platforms
- Intel Marketing Material Templates (InDesign)
- Intel Snowridge/ Snowfish Process Simulator ADK
- Lots of other things
The hacker told Kottmann that they used the nmap port-scanning tool to scan the internet and found an unsecured Intel server on Akamai CDN. Using a custom Python script, they were able to guess default passwords and gain access to files and folders on the system.
Kottmann said that "if you find password protected zips in the release the password is probably either 'Intel123' or 'intel123'."
Kottmann also hinted at potential "backdoor" information being present in the leaked files, revealing that the word "backdoor" appeared twice in the source code associated with Intel's Purley Refresh chipset for Xeon CPUs.
In a statement, an Intel spokesperson said that Intel officials don't believe the leaked data came from a network breach. Rather, it appears to come from the Intel Resource and Design Centre, which hosts information for use by Intel's partners, customers, and other external parties.
The spokesperson said that a person with access to Intel's Resource and Design Centre probably downloaded the data and shared it with Kottmann.