Intel today became the apparent victim of a massive internal data breach, as roughly 20 GB of various Intel documents and tools have begun showing up in a data cache uploaded to the wider internet. With materials seemingly spanning over a decade, the breach reportedly includes everything from Intel presentation templates to BIOS code and debugging tools, and would represent one of the biggest intellectual property leaks from a chipmaker in years.

Released by Till Kottmann, a Swiss software engineer and open security advocate, Kottmann has stated that this is the first of several planned Intel IP releases, calling this first release the “Intel exconfidential Lake Platform Release”. According to tweets posted by Kottmann, he received the material from an anonymous source who breached Intel earlier this year. Meanwhile, ZDNet reports that Kottmann is a regular figure in IP leaks, and has published a number of other tech company leaks before.

Responding to this leak, Intel this afternoon has issued a brief statement to the press acknowledging the leak, and stating that they believe it came form the Intel Resource and Design Center, a secure Intel repository for third party partners to access various confidential documents and schematics.

We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.

While AnandTech has not validated the contents of the data cache, I’ve heard from one source who has seen it that there are signed NDA documents in there mentioning an Intel partner. So while Intel may be right about the source of the data, the actual breach may have occurred with a partner rather than the actual Intel repository, or in concert with a breach of Intel’s repository.

Overall, Kottmann claims that the leak has a wide collection of various Intel confidential and NDA’d documents and tools, including:

  • Intel ME Bringup guides + (flash) tooling + samples for various platforms
  • Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
  • Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
  • Silicon / FSP source code packages for various platforms
  • Various Intel Development and Debugging Tools
  • Simics Simulation for Rocket Lake S and potentially other platforms
  • Various roadmaps and other documents
  • Binaries for Camera drivers Intel made for SpaceX
  • Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
  • (very horrible) Kabylake FDK training videos
  • Intel Trace Hub + decoder files for various Intel ME versions
  • Elkhart Lake Silicon Reference and Platform Sample Code
  • Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
  • Debug BIOS/TXE builds for various Platforms
  • Bootguard SDK (encrypted zip)
  • Intel Snowridge / Snowfish Process Simulator ADK
  • Various schematics
  • Intel Marketing Material Templates (InDesign)

Thus far, while no one has reported finding anything quite as sensitive as Intel CPU or GPU design schematics – which is consistent with the claim that it originated from Intel's Resource and Design Center. None the less, the material in the leak looks to be quite valuable, and potentially damaging in the long run. Firmware blobs are particularly interesting, as while these would need to be reverse engineered to extract useful information out of them, they could potentially contain significant information that hasn’t otherwise been shared before.

Otherwise, in a bit of situational irony, this leak is likely to cast doubt upon all future Intel leaks. The inclusion of the company’s presentation templates, while not particularly damaging to Intel, would mean that it’s now trivial to generate fake but accurate-looking Intel roadmaps and presentations. These kinds of materials are already regularly faked, but now it’s easier than ever to do so.

Ultimately with no reason to doubt Kottmann’s claims, it would seem that this just the start of a run of leaks for Intel. And while the company will no doubt be doing everything possible to stop the process, whether they have any legal power to do so remains to be seen.

Source: ZDNet



View All Comments

  • eastcoast_pete - Friday, August 7, 2020 - link

    Do the data include Intel's real supply situation and fab availability? Or information on what went wrong and is still going wrong with their 10 nm and 7 nm process? That would be interesting to know! Reply
  • peevee - Tuesday, August 11, 2020 - link

    Extremely interesting!

    Somebody has 20GB of reading to do.
  • Oxford Guy - Friday, August 7, 2020 - link

    So, unlike Assange, this Kottmann isn’t going to be put into a glass cage in a courtroom after being put on house arrest for how many years in a random embassy? Reply
  • Oxford Guy - Friday, August 7, 2020 - link

    And Greenwald is apparently sitting on 95% of the Snowden archive while claiming that the only people interested in its contents are lunatic fringe. I’m not seeing much symmetry between these three examples. Reply
  • Spunjji - Tuesday, August 11, 2020 - link

    🙄 Reply
  • npz - Saturday, August 8, 2020 - link

    To be fair, none of this seems remarkable at all. I used to have an account:
    to these same type of docs up through Skylake. It's available to any partner like any hardware vendor, custom integrator, mobo maker, system software company etc would have access. None of this is on the level of real trade secrets

    Also, most of the cpu and chipset datasheets under NDA during development eventually are released to the public on Intel's site when the products ships. (Firmware code always remains under NDA though)
  • yeeeeman - Monday, August 10, 2020 - link

    When Intel has the tiniest vulnerability, the press is booming. In 5 minutes every single hardware outlet is putting that news up front, first page, boom.
    When new vulnerabilities that affect ARM, AMD, IBM CPUs also appear, nothing. Absolutely nothing.
    I guess that is not interesting enough for you.
    Shame on you.
  • Spunjji - Tuesday, August 11, 2020 - link

    I'm seeing news about it all over the place - mostly mainstream news sites rather than tech, though. Reply
  • PeachNCream - Tuesday, August 11, 2020 - link

    It is interesting that Anandtech does not report on major vulnerabilities. Ripple20, for instance, never made it on AT's radar and the Qualcomm matter appears as though it too will slip past them.

    To be fair, Anandtech is not an information security site and does not have the staffing or expertise to understand cybersecurity at more than a superficial level so perhaps that is best left to those with more specialized experience and AT should continue to republish press releases covering gaming motherboards, video cards, and the most recent new goo-gaw phone without regard for information security.
  • DigitalFreak - Monday, August 10, 2020 - link

    Probably more people interested in it to find exploits than to steal their 14nm++++++++++++++++++++++ secrets. Reply

Log in

Don't have an account? Sign up now