Someone Has Shared Online 20GB of Confidential Info Belonging to Intel

• Intel may have been breached by a hacker, as a pack of 20GB that circulates online seems to be valid.
• The hacker claims that Intel’s poor security practices enabled him/her to enter and download the files.
• Intel is still investigating the occurrence, but they confirmed the data comes from a restricted access platform.

A hacker has uploaded online 20GB of source code and various documents belonging to Intel and has already promised to upload a lot more soon. The pack was given the name “Intel exconfidential Lake Platform Release ;)”, and from what seems to be the case, it contains highly confidential information that Intel wouldn’t want to see published for sure.

Some of the staff that is found on the dump include the following filenames:

• ME Bringup guides + (flash) tooling + samples for various platforms
• Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
• CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
• Silicon / FSP source code packages for various platforms
• Various Intel Development and Debugging Tools
• Simics Simulation for Rocket Lake S and potentially other platforms
• Various roadmaps and other documents
• Binaries for Camera drivers Intel made for SpaceX
• Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
• (very horrible) Kabylake FDK training videos
• Trace Hub + decoder files for various Intel ME versions
• Elkhart Lake Silicon Reference and Platform Sample Code
• Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
• Debug BIOS/TXE builds for various Platforms
• Bootguard SDK (encrypted zip)
• Intel Snowridge / Snowfish Process Simulator ADK
• Various schematics
• Intel Marketing Material Templates (InDesign)
• Various other stuff

The actor reached out to an IT consultant who finds enjoyment in dissipating source code leaks and explained that Intel used an improperly secured Akamai CDN that allowed him/her to potentially access 370 servers.

The actor then allegedly used a custom Python script to quickly probe the server and locate accessible folders and files. As long as a valid file name guess was made, the person could enter the location folder and then access the entire directory.

Credits: @rombik_su | Twitter

Allegedly, the hacker exploited a second, separate misconfiguration as well, masquerading as an Intel employee to create a new user. And as for the password protection of the contained files, that would be either “Intel123” or “intel123,” which is typically used for stuff that the company shares with engineers and its partners.

It didn’t take long for Intel to respond to all that, and so here’s is what the told Tom’s Hardware: “We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners, and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.”