Confidential and restricted secret documents were uploaded to the file-sharing site MEGA. Intel denies it was hacked
Intel, the chipmaker from the United States, needs to investigate a security breach because 20 GB of internal documents were made public. The person who published the data is Till Kottmann, a Swiss software engineer. He says the files were received from an anonymous hacker who claimed to have accessed Intel data earlier this year.
Kottmann manages a Telegram channel that regularly publishes leaked information belonging to various tech companies. This information mainly gets leaked via misconfigured Git repositories, cloud servers, online portals, and other sources. This 20 GB is the first part of a series of Intel leaks.
Till Kottmann himself indicated that none of the files had been published anywhere else, and that most of them are confidential under NDA or marked Intel Restricted Secret. It is possible that backdoors were used to exfiltrate the information. However, there is no confirmation that hackers accessed any computers belonging to Intel employees.
What data was leaked
Kottmann strongly believes that future leaks from the source are likely to contain more “juicy” information, sensitive data, and classified documents. The initial release contains files related to:
Intel ME Bringup guides + (flash) tooling + samples for various platforms
Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
Silicon / FSP source code packages for various platforms
Various Intel Development and Debugging Tools
Simics Simulation for Rocket Lake S and potentially other platforms
Various roadmaps and other documents
Binaries for Camera drivers Intel made for SpaceX
Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
(very horrible) Kabylake FDK training videos
Intel Trace Hub + decoder files for various Intel ME versions
Elkhart Lake Silicon Reference and Platform Sample Code
Some Verilog stuff for various Xeon Platforms, unsure what it is exactly
Debug BIOS/TXE builds for various Platforms
Bootguard SDK (encrypted zip)
Intel Snowridge / Snowfish Process Simulator ADK
Intel Marketing Material Templates (InDesign)
Customer data is not exposed, and details related to employees were also not included in these files. Many questions remain about other possibilities and about the hacking incident as a whole. It is still unknown whether the alleged hacker really accessed a database or a server to steal this information and release confidential Intel files.
A possible scenario, as the hacker claims
According to the alleged hacker who sent the information to Kottmann, the Intel server was found on a CDN and was not properly secured. A Python script was used to test for default username access and unsecured access to these folders and files. Knowing the right names allowed the attacker to access the data.
The conversation with the hacker revealed that attackers could possibly impersonate any Intel employee, access these resources, create additional users, and get to archives that are protected with weak passwords.
Intel denies this hacking. The company claims that an individual with access to its Resource and Design Center downloaded confidential files and shared them with the Swiss researcher.
We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.