[BreachExchange] Intel investigating breach after 20GB of internal documents leak online

Destry Winant destry at riskbasedsecurity.com
Mon Aug 10 10:29:05 EDT 2020


https://www.zdnet.com/article/intel-investigating-breach-after-20gb-of-internal-documents-leak-online/

US chipmaker Intel is investigating a security breach after earlier
today 20 GB of internal documents, with some marked "confidential" or
"restricted secret," were uploaded online on file-sharing site MEGA.

The data was published by Till Kottmann, a Swiss software engineer,
who said he received the files from an anonymous hacker who claimed to
have breached Intel earlier this year.

Kottmann received the Intel leaks because he manages a very popular
Telegram channel where he regularly publishes data that accidentally
leaked online from major tech companies through misconfigured Git
repositories, cloud servers, and online web portals.

The Swiss engineer said today's leak represents the first part of a
multi-part series of Intel-related leaks.

ZDNet reviewed the content of today's files with security researchers
who have previously analyzed Intel CPUs. They deemed the leak
authentic but didn't want to be named in this article due to ethical
concerns about reviewing confidential data, and because of their
ongoing relations with Intel.

Per our analysis, the leaked files contained Intel intellectual
property relating to the internal design of various chipsets. The
files contained technical specs, product guides, and manuals for CPUs
dating back to 2016.

Below is a summary of the leaked files, as provided by Kottmann:

- Intel ME Bringup guides + (flash) tooling + samples for various platforms
- Kabylake (Purley Platform) BIOS Reference Code and Sample Code +
  Initialization code (some of it as exported git repos with full
  history)
- Intel CEFDK (Consumer Electronics Firmware Development Kit
  (Bootloader stuff)) SOURCES
- Silicon / FSP source code packages for various platforms
- Various Intel Development and Debugging Tools
- Simics Simulation for Rocket Lake S and potentially other platforms
- Various roadmaps and other documents
- Binaries for Camera drivers Intel made for SpaceX
- Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
- (very horrible) Kabylake FDK training videos
- Intel Trace Hub + decoder files for various Intel ME versions
- Elkhart Lake Silicon Reference and Platform Sample Code
- Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
- Debug BIOS/TXE builds for various Platforms
- Bootguard SDK (encrypted zip)
- Intel Snowridge / Snowfish Process Simulator ADK
- Various schematics
- Intel Marketing Material Templates (InDesign)

None of the leaked files contain sensitive data about Intel customers
or employees, based on ZDNet's review. However, the question remains
as to what else the alleged hacker had access to before stealing and
releasing Intel's confidential files.

In an emailed statement sent after this article's publication, Intel
denied getting "hacked," disputing Kottmann's claim.

The company suggested that an individual with access to its Resource
and Design Center might have downloaded the confidential data without
authorization and shared it with the Swiss researcher. The Intel
Resource and Design Center is a web portal where Intel provides
non-public technical documents to business partners integrating Intel
chipsets into their respective products. Many of the documents
reviewed by ZDNet contained links to the Resource and Design Center,
confirming Intel's current explanation.

The company's full statement is below:

"We are investigating this situation. The information appears to come
from the Intel Resource and Design Center, which hosts information for
use by our customers, partners and other external parties who have
registered for access. We believe an individual with access downloaded
and shared this data."

However, ZDNet has also received a copy of the conversation between
Kottmann and his source, in which the alleged hacker claimed to have
obtained the data via an unsecured server hosted on the Akamai CDN,
and not by using an account on the Intel Resource and Design Center.

