Intel today became the apparent victim of a massive internal data breach, as roughly 20 GB of various Intel documents and tools have begun showing up in a data cache uploaded to the wider internet. With materials seemingly spanning over a decade, the breach reportedly includes everything from Intel presentation templates to BIOS code and debugging tools, and would represent one of the biggest intellectual property leaks from a chipmaker in years.

Released by Till Kottmann, a Swiss software engineer and open security advocate, Kottmann has stated that this is the first of several planned Intel IP releases, calling this first release the “Intel exconfidential Lake Platform Release”. According to tweets posted by Kottmann, he received the material from an anonymous source who breached Intel earlier this year. Meanwhile, ZDNet reports that Kottmann is a regular figure in IP leaks, and has published a number of other tech company leaks before.

Responding to this leak, Intel this afternoon has issued a brief statement to the press acknowledging the leak, and stating that they believe it came form the Intel Resource and Design Center, a secure Intel repository for third party partners to access various confidential documents and schematics.

We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.

While AnandTech has not validated the contents of the data cache, I’ve heard from one source who has seen it that there are signed NDA documents in there mentioning an Intel partner. So while Intel may be right about the source of the data, the actual breach may have occurred with a partner rather than the actual Intel repository, or in concert with a breach of Intel’s repository.

Overall, Kottmann claims that the leak has a wide collection of various Intel confidential and NDA’d documents and tools, including:

  • Intel ME Bringup guides + (flash) tooling + samples for various platforms
  • Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
  • Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
  • Silicon / FSP source code packages for various platforms
  • Various Intel Development and Debugging Tools
  • Simics Simulation for Rocket Lake S and potentially other platforms
  • Various roadmaps and other documents
  • Binaries for Camera drivers Intel made for SpaceX
  • Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
  • (very horrible) Kabylake FDK training videos
  • Intel Trace Hub + decoder files for various Intel ME versions
  • Elkhart Lake Silicon Reference and Platform Sample Code
  • Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
  • Debug BIOS/TXE builds for various Platforms
  • Bootguard SDK (encrypted zip)
  • Intel Snowridge / Snowfish Process Simulator ADK
  • Various schematics
  • Intel Marketing Material Templates (InDesign)

Thus far, while no one has reported finding anything quite as sensitive as Intel CPU or GPU design schematics – which is consistent with the claim that it originated from Intel's Resource and Design Center. None the less, the material in the leak looks to be quite valuable, and potentially damaging in the long run. Firmware blobs are particularly interesting, as while these would need to be reverse engineered to extract useful information out of them, they could potentially contain significant information that hasn’t otherwise been shared before.

Otherwise, in a bit of situational irony, this leak is likely to cast doubt upon all future Intel leaks. The inclusion of the company’s presentation templates, while not particularly damaging to Intel, would mean that it’s now trivial to generate fake but accurate-looking Intel roadmaps and presentations. These kinds of materials are already regularly faked, but now it’s easier than ever to do so.

Ultimately with no reason to doubt Kottmann’s claims, it would seem that this just the start of a run of leaks for Intel. And while the company will no doubt be doing everything possible to stop the process, whether they have any legal power to do so remains to be seen.

Source: ZDNet

Comments Locked


View All Comments

  • brucethemoose - Friday, August 7, 2020 - link

    That is exactly how not to approach security. Leave a "impossible scenario" unpatched, and it'll show up in a long exploit chain somewhere in the future.
  • timecop1818 - Friday, August 7, 2020 - link

    Nobody cares about all the porn on your desktop. Not even yourself. Drop your tinfoil hat.
  • Carmen00 - Friday, August 7, 2020 - link

    Ahhhh, the old "hey, we're all friendly here! Nobody cares about your data so it's OK even if you get hacked!" routine.

    Have you ever been on the internet? Do you think it is such a friendly place? Then by all means, please disable all multi-factor authentication on your primary email account and drop your username & password here. AT comment-sections are probably one of the most friendly places on the internet, and hey, nobody is interested in your emails to your mom. You're perfectly safe, no need to wear a "tinfoil hat" here. You can show us all about it through your own example, big boy.
  • Spunjji - Friday, August 7, 2020 - link

    How dare you imply that timcarp182 is not a supergenius pragmatic expert in the cyber
  • Makaveli - Friday, August 7, 2020 - link

    lol Timcops1818 views are outdated and ridiculous thanks for the laugh.
  • Carmen00 - Friday, August 7, 2020 - link

    Sorry to say, but that's complete nonsense. Firstly, the Intel security mitigations are absolutely necessary for "single user computers" because modern "single user computers" happen to run software which comes from the internet and other sources. The issues break isolation at the hardware level, and you don't need to have a multi-user computer to have security-relevant isolation between processes.

    Secondly, nobody is going to exfiltrate data purely through attacks that target Intel's security issues - that would be grossly inefficient. Any attacker is going to use the Intel security issue to gain more access to the system, and once they have a sufficient level of access, they can use it to efficiently exfiltrate any amount of data that they'd like.
  • voicequal - Friday, August 7, 2020 - link

    It's probably good to have the mitigations available for front end systems, but there are many back end cases where performance would be preferable to the marginal increase in security.
  • timecop1818 - Saturday, August 8, 2020 - link

    Again, nobody cares. "happen to run software". Yeah, I know exactly what software is running and why. Nobody, and I mean absolutely NOBODY cares about your shitty desktop PC. But now you have to deal with retarded mitigations that make already lazily written shitty software even shittier.

    A "virus" in 2020 is a retarded .exe made with python2exe attached to email with a "omg click me to win 20,000,000 GBP", its pretty damn obvious what it's going to do if executed.

    > through attacks that target Intel's security issues - that would be grossly inefficient
    We all know this data was just some shit leftover in a file share. Also most of it is just useless rubbish anyway.

    It is 1000000000% easier to social engineer access, obtain physical access by breaking a window, obtain physical access by beating up a guy leaving some office and grabbing his keycard, etc.

    I bet you fucking run several copies of AV software which is why you need 32core AMD shitheap to compute, cuz 30 of them are busy scanning every fucking text file you open for "viruses".
  • Carmen00 - Monday, August 10, 2020 - link

    Since my doctorate is in the field of information security, I have to say that this made me laugh - and also cry a bit, because it is exactly this attitude that actively prevents OS vendors from allowing users full control over their machines. The classic case-in-point is Sasser, a worm for which the patch had been issued over 2 weeks earlier, but which many admins and ordinary users had decided not to apply (or not yet decided to apply - the effects were the same). The resulting carnage downed critical organizations for hours or days.

    Sasser does not stand alone, of course. Decades of experience have taught us that users strongly believe that they know enough about risk and infosec to make good choices, and also that they are most often grossly mistaken. We live in a world filled with zombie botnets because of this. Nor does more education rectify the problem: study after study shows that despite strong security messaging, many users will give up their passwords for something as trivial as a candy-bar. Users also fail to realize the subtlety of the risks that they are faced with on the internet, and this is why browser manufacturers have had to essentially create mini-OSes with sandboxing to keep users safe from their poor choices (and even then, users find ways to screw themselves over). Unless you have at least 2-4 years of deep experience with infosec, it's difficult to properly comprehend the modern risk landscape, and it's very easy to make poor decisions through ignorance alone. There are few users who will immerse themselves in the field to that extent, which means that it really is up to vendors, at a practical and pragmatic level.

    Your response joins a long line of arrogant user statements that claim, despite all observable facts, to know better than trained infosec professionals. Congratulations, I suppose? And please understand that you (and people like you) are the reason that we cannot have some very nice things, such as developer access to ring-0. You are the reason that OS vendors HAVE to apply Intel's mitigations whether you like them or not, because they simply cannot trust you to make reasonable and informed decisions.

    I fully understand that this response will not change your mind one whit and research shows that, if anything, you will become even more adamant that you are right. That's OK; I'm not writing it for you. I'm writing it for other people who may run across it because research also shows that if you don't have your ego on the line, you actually can learn a lot from the experts.

    I wish you the best of luck on the internet, timecop1818. You'll certainly need it.
  • K_Space - Tuesday, August 11, 2020 - link

    Thanks Carmen00; comments like these makes AT worth it... and timecop1818 for the laughs :P

Log in

Don't have an account? Sign up now