Anonymous hackers have apparently breached Intel in a past security intrusion: sensitive documents and files totaling 20 GB are to be leaked on the Internet. News of the incident emerged after a developer received a message from the hackers giving a heads-up that the data will be leaked online.
The Intel Security Breach Was Revealed By Anonymous Hackers: Data To Be Leaked Online
Intel has apparently been breached by an unknown hacking group. News of this incident was posted online by the reverse engineer Tillie Kottmann, who was contacted by the perpetrators of the crime. The hackers claim that the hack happened last year. More details and the actual files are set to be published soon.
According to the information about the leak, the published sensitive data is classified as either NDA confidential or Intel Restricted Secret. The criminals state that one of the released code snippets contains a code reference to a backdoor. This might mean that the criminals have implanted a Trojan horse inside Intel’s servers.
The hijacked data from Intel includes a lot of technical specifications and chipset designs. The first release of information includes the following data:
– Intel ME Bringup guides + (flash) tooling + samples for various platforms
– Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
– Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
– Silicon / FSP source code packages for various platforms
– Various Intel Development and Debugging Tools
– Simics Simulation for Rocket Lake S and potentially other platforms
– Various roadmaps and other documents
– Binaries for Camera drivers Intel made for SpaceX
– Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
– (very horrible) Kabylake FDK training videos
– Intel Trace Hub + decoder files for various Intel ME versions
– Elkhart Lake Silicon Reference and Platform Sample Code
– Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
– Debug BIOS/TXE builds for various Platforms
– Bootguard SDK (encrypted zip)
– Intel Snowridge / Snowfish Process Simulator ADK
– Various schematics
– Intel Marketing Material Templates (InDesign)
– Lots of other things
More About the Intel Security Breach: How It Might Have Happened
The developer who was contacted by the hackers maintains their own source repository and tools that allow developers to hunt for resources. It also contains compatible code from well-known companies: GE Appliances, Qualcomm, Microsoft, Motorola, Lenovo and AMD. The developer strives to remove sensitive information from their repository before it is published and has always complied with data takedown requests.
The hacker reveals that the victim Intel server housing the sensitive information was found on an insecure CDN. Using a Python script, the hackers were able to find default testing credentials on the server and log in to it. Inside, they found unsecured access to files and folders and retrieved the contents.