It seems that Intel has become a victim of a massive data breach. Around 20GB of confidential material has been stolen and leaked by an anonymous source. According to this source, this is just a portion of the data stolen, with several planned releases on the way.
There is evidence that the data consists of debugging tools, BIOS code, and internal documents. Dubbed as “Intel exconfidential Lake Platform Release”, this leak reportedly consists of many documents marked “confidential”, “restricted secret”, and under non-disclosure agreements (NDA). Most of the things published had not been published anywhere before this.
The first batch of data was released by Swiss software developer and IT consultant, Till Kottmann. Kottmann stated that the information was received from the anonymous hacker who supposedly breached the data earlier this year. Kottmann also tweeted a screenshot which provided an overview of the leaked data.
The screenshot showed data that included confidential documents, schematics, tools, and firmware versions of processors. According to Kottmann, as per his understanding of the source, there will be future leaks of data, with more classified stuff.
Kottmann has a history of sharing leaked data and has been behind data dumps of classified information earlier. Kottmann also claims that the hacker “breached” Intel, which the chipmaker denies. It is also being said that the hacker got the data through an unsecured server that was hosted on Akamai CDN. The link is being distributed on Twitter and is easily found.
What was shared?
According to ZDnet, the leak seemed authentic according to some security researchers. The dump includes:
- Intel ME Bringup guides +(flash)tooling + samples for various platforms
- Kabylake BIOS reference code and sample code+ initialization code
- Intel CEFDK (Consumer Electronics Firmware Development Kit)
- Silicon /FSP source code packages for various platforms
- Intel Development and Debugging Tools
- Simics Simulation for Rocket Lake S and other platforms
- Roadmaps and various documents
- Binaries for Camera Drivers made by Intel for SpaceX
- Schematics, Tools, and Firmware for Tiger Lake platform (unreleased)
- Kabylake FDK training
- Intel Trace Hub and decoder files for ME versions
- Elkhart Lake Silicon Reference and Platform Sample Code
- Verilog for Xeon platforms
- Debug BIOS/TXE builds
- Bootguard SDK
- Intel Snowridge/ Snowfish Process Simulator
- Marketing Templates
According to a statement issued by the company, they are investigating the situation. They have also claimed that the information appears to have been obtained from the Intel Resource and Design Center. This center hosts information for use by Intel customers, parties, and other parties, registered to get access. The company also mentioned that they believe an individual with access could have shared after downloading the data.
It is common for companies to share confidential information regarding tech and product releases with their customers and partners before making the information public. However, even with NDAs, organizations are at risk of their intellectual property being leaked to the public before release. This intellectual property, if leaked, can end up being very useful to competitors.
While Intel is still investigating the breach, leaks like these highlight the challenge companies face when dealing with confidential information and its distribution.
Originally posted 2020-08-11 12:02:14.