Intel Data Breach: 20 GB of Intellectual Property

Leaked data and classified documents from US chipmaker Intel were uploaded to a cloud service, putting the company's intellectual property at risk.

The information is 20 GB in size and comes from an unknown source. It was announced as the first part of a series of Intel leaks.

Swiss-based IT consultant Tillie Kottmann published confidential technical material from Intel on Thursday — code and documents related to various processors and chipsets.

"An anonymous source gave them to me after obtaining them earlier this year; more details about this will be published soon," they wrote on Twitter, suggesting that someone had broken into Intel's systems and exfiltrated the material. More leaks of Intel's secret data are expected.

An Intel spokesperson said it was likely taken from their Design and Resource Center, a private resource library for computer manufacturers and similar companies to build systems using Intel silicon.

Access to this center is not open to the public, and its confidential content is intended to be used, for example, to create firmware and design motherboards compatible with Chipzilla's microprocessors.

The first batch of documents, distributed via a Mega link through Telegram, weighs around 20 GB. The data dump contains confidential Intel files subject to NDA, a non-disclosure agreement, meaning they should not be shared publicly.

The repository includes things such as:

  • Intel ME Bringup guides + tools (flash) + samples
  • Kaby Lake BIOS reference code (Purley platform) and sample code + initialization code (some of them as exported git repositories with full history)
  • Intel CEFDK (Consumer Electronics Firmware Development Kit (bootloader material))
  • Silicon / FSP source code packages for various platforms
  • Various Intel development and debugging tools
  • Simics Simulation for Rocket Lake S
  • Camera driver binaries Intel made for SpaceX
  • Schematics, documents, tools + firmware for the unreleased Tiger Lake platform
  • (Catastrophic) Kaby Lake FDK training videos
  • Intel Trace Hub + decoder files for various versions of Intel ME
  • Elkhart Lake silicon and platform reference code
  • Verilog data for various Xeon platforms
  • Debug BIOS / TXE builds for various platforms
  • Boot Guard SDK (encrypted zip)
  • Intel Snow Ridge / Snowfish Process Simulator ADK
  • Various schematics
  • Intel marketing material templates (InDesign)

Kottmann published part of the archive's code on Twitter, such as this snippet after searching for "backdoor" in Intel's firmware sources:

https://twitter.com/deletescape/status/1291422841834016770

This code appears to involve memory error detection and correction handling. IOH SR 17 likely refers to scratchpad register 17 in the I/O Hub, part of Intel's chipsets, which is used in the firmware code.

In this context, I suspect from the mention of ACPI that RAS is Reliability, Availability, and Serviceability, which does memory error detection and correction. IOH SR 17 probably refers to a scratchpad register in the I/O Hub chipset used by the firmware

— Chris Williams (@diodesign) [August 6, 2020](https://twitter.com/diodesign/status/1291432860788785152?ref_src=twsrc%5Etfw)

Intel said the data leak appears to be from the Intel Design and Resource Center. A company representative did not speculate on the breach method, but said the leak may be from someone with portal access:

"We are investigating this situation. The information appears to come from Intel's Design and Resource Center, which hosts information for use by our customers, partners, and other external parties who have registered for access. We believe an individual with access downloaded and shared this data." — Intel representative

Employees in this department have higher-than-normal privileges giving them access not only to resources for customers and original equipment manufacturers, but also to Intel intellectual property such as documentation and tools, testing services, and pre-launch product information, all available under a corporate non-disclosure agreement (CNDA).

Today, the alleged source of the Intel data leak explained how they found the material: apparently by scanning the internet with Nmap and finding an unsecured Akamai CDN server hosting Chipzilla's files.

Kottmann also said that the files passed to them were obtained from the partner-exclusive design center:

"As far as I know, the data I have was taken directly from the CDN for the Intel Design and Resource Center"

Meanwhile, sources familiar with Intel's investigation explained that the documents shared in the data leak may be outdated, as it is unclear when the information was obtained from the center, and that no personal or customer data was included in the exfiltrated documents.

At this stage, Intel does not believe it was compromised and is maintaining an ongoing investigation to uncover how the information was exfiltrated.

Sources: theregister, BleepingComputer

Intel Data Breach: 20 GB of Intellectual Property — Bothrops Blog