The largest chipmaker in the United States is investigating a data breach that leaked 20 GB of confidential and restricted data. A Swiss software engineer, Till Kottmann, shared the data on the file-sharing site MEGA under the title “Intel exconfidential Lake Platform Release.” The leaked intellectual property contained designs for various chipsets that were under strict NDA protection. The information released included technical specifications, product guides, and manuals for Intel CPUs. The engineer received the data from an anonymous hacker via one of his Telegram channels, where he publishes data from various exploits. A few weeks ago, Kottmann released source code files of over 50 high-profile companies, including Disney and Microsoft. Intel released a statement denying being hacked and blaming the incident on a rogue user. Kottmann said more data with “juicier” details were on the way.
Nature of intellectual property exposed
The data breach did not contain any sensitive personal information on Intel’s clients or workers. However, it contained technical designs for various Intel chipset platforms such as Kaby Lake and Tiger Lake CPUs. The data breach also exposed source code belonging to third parties, such as SpaceX sensors developed by Intel. Products affected by the data breach include:
Kabylake BIOS Reference Code, including sample code + initialization code.
SpaceX Camera drivers for Intel.
Sources and bootloader for Intel Consumer Electronics Firmware Development Kit
Firmware Support Package for various platforms.
Development and Debugging Tools for Intel
Rocket Lake S Simics simulations
Intel Trace Hub + decoder files for various Intel ME versions
Platform sample code and reference for “Elkhart Lake” silicon
Verilog code for Xeon platforms
Various platform builds of Debug BIOS/TXE
Debug BIOS/TXE builds for various Platforms
Intel Snowridge and Snowfish Process Simulator ADK
Various guides, tooling, and samples for Intel ME Bringup
Documentation, tools, and semantics for the Tiger Lake platform.
Intel marketing material templates made using InDesign
Very horrible Kabylake FDK training videos
Intel disputes that it was hacked and blames the data breach on a rogue user with access rights. The company alleged that an authorized person accessed its Resource and Design Center, downloaded the code, and shared it with Kottmann.
Intel stores confidential technical information protected as intellectual property on the web portal for business partners integrating its products. The users accessing Intel’s intellectual property have NDAs with the company to protect the code from unauthorized sharing.
Erich Kron, a Security Awareness Advocate at KnowBe4, says that protecting intellectual property could be challenging when third parties are involved.
“While this appears to be an issue related to a third party, it does underline the security concerns around intellectual property when working with business partners both up and down the supply chain. There is always a risk when sharing potentially sensitive information to these business partners. However, this is often an unavoidable part of doing business.”
Among the companies accessing Intel’s intellectual property was the Chinese firm Centerm Information Co. Ltd. The Trump administration has accused Chinese firms of stealing US trade secrets and intellectual property. Allowing the company to access Intel’s intellectual property would raise eyebrows about Intel’s business activities and compliance with Trump’s trade policy towards China.
Most companies prioritize the protection of identifiable personal information (PII) while doing little to protect intellectual property, according to Kron.
“This intellectual property can be very valuable to potential competitors, and even nation-states, who often hope to capitalize on the research and development done by others.”
The exposure of the data affects not only Intel but also its clients such as SpaceX. It also undermines the security of Intel’s new chipsets even before they hit the market. For example, some of the products impacted by the data breach, such as Tiger Lake CPU platforms, are yet to be released. Others, such as Ice Lake Xeon and Cooper Lake CPUs, are yet to become common in the market.
Disputes over cause of data breach
Intel believes that an individual with access downloaded and shared this data.
“We are investigating this situation. The information appears to come from the Intel Resource and Design Center which hosts information for use by our customers, partners, and other external parties who have registered for access,” Intel’s statement read in part.
The documents obtained had links to the portal, thus strengthening Intel’s claims that the leak was deliberate.
Chris Clements, the VP of Solutions Architecture at Cerberus Sentinel, supports Intel’s claims.
“It’s unusual that the leaker has released the information publicly with no confirmed ransom demands that we are aware of. It’s possible that the information compromised was available to authorized Intel partners via the Intel Resource and Design Center, as Intel has so far claimed. If that is the case, it would explain why they couldn’t extort Intel to prevent the release or find another buyer for Intel’s internal information.”
However, the hacker who shared the code says he obtained it from an unsecured server hosted on the Akamai CDN. He discovered the server using the Nmap port-scanning tool and executed a Python script to discover files and folders with permissive folder permissions and default passwords.
The source of the leak says anybody who could guess the names of the folders could access them. Once discovered, the folders allowed the hacker to navigate to the root, list it, and navigate to child folders. An intruder could also impersonate an authenticated user and register a user account, according to the source.
The data breach exposed Intel’s abysmal security practices. Most of the leaked zipped archives had no passwords or had simple passcodes such as intel123 or Intel123. The leaked materials also mentioned “backdoors” in the Intel source code. The term was found twice in the code for Intel’s Purefresh Xeon CPU’s chipset. Other references mention “voltage failures” without specifying whether they affect chips already in the market or those under development.
Kottmann shared the link on Twitter, and his account has since been suspended for publicizing the data breach.