Threat Watch

Intel Investigating Leak of Sensitive Internal Documents

Intel is investigating the source of 20GB of internal data that has been made public on the file hosting site MEGA. The breach is believed to contain information spanning the last decade; presentation templates, BIOS code, debugging tools, and more have reportedly leaked onto the Internet. Till Kottmann, a security advocate and software engineer, is the person who posted the files online. Kottmann said that he received the files from a sensitive source, who claims to have compromised the security of Intel to take the files and to have guessed the passwords needed to decrypt some of the more confidential files. Kottmann stated that this is the first of several planned Intel IP releases, calling this first release the “Intel confidential Lake Platform Release.”

Intel issued a statement saying, “We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners, and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.” Kottmann also said that the leak contains a wide collection of Intel confidential and NDA documents and tools. Below is a list of what has been leaked:

• Intel ME Bringup guides + (flash) tooling + samples for various platforms
• Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
• Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
• Silicon / FSP source code packages for various platforms
• Various Intel Development and Debugging Tools
• Simics Simulation for Rocket Lake S and potentially other platforms
• Various roadmaps and other documents
• Binaries for Camera drivers Intel made for SpaceX
• Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
• (very horrible) Kabylake FDK training videos
• Intel Trace Hub + decoder files for various Intel ME versions
• Elkhart Lake Silicon Reference and Platform Sample Code
• Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
• Debug BIOS/TXE builds for various Platforms
• Bootguard SDK (encrypted zip)
• Intel Snowridge / Snowfish Process Simulator ADK
• Various schematics
• Intel Marketing Material Templates (InDesign)

ANALYST NOTES

Whether the leaked data came from an insider or was stolen by someone who compromised Intel’s security controls, it is inappropriate for confidential business data to be leaked to the public. If the chat transcript with the source that Kottmann shared is accurate, sensitive documents may have been protected by weak passwords that could easily be guessed. Companies should review the security controls used to protect confidential files and implement digital rights management controls to protect and track document access by authorized personnel.

For more information about this breach, click the links below:

https://www.anandtech.com/show/15962/intel-data-breach-20gb-of-ip-leaked

https://www.zdnet.com/article/intel-investigating-breach-after-20gb-of-internal-documents-leak-online/