Bottom line: It will take researchers some time to comb through the data dump and determine just how harmful the information on the open market can be. But perhaps it is the company’s greater concern that could lie in wait.
Intel has apparently suffered from a massive data breach which, according to the anonymous source of the material, is the first of several planned intellectual releases to come.
The first batch of data, a collection of 20 GB of internal documents, debugging tools and BIOS code, was initially shared on Twitter by Till Kottmann, a Swiss software engineer with a history of leaking data from large tech companies. Kottman said the anonymous source recorded the data by hacking Intel earlier this year.
Intel has issued the following statement to the press regarding the matter.
We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe that an individual with access can download and share this data.
ZDNet has investigated the contents of the leak with security researchers, who considered the material authentic. According to Kottmann, the dump includes:
- Intel ME Bringup accompanies + (flash) tooling + samples for various platforms
- Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization Code (some of which are exported git repos with full history)
- Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
- Silicon / FSP source code packages for different platforms
- Various tools for Intel development and debugging
- Simics Simulation for Rocket Lake S and potentially other platforms
- Various roadmaps and other documents
- Binaries for camera controllers Intel made for SpaceX
- Schedule, Docs, Tools + Firmware for the unreleased Tiger Lake platform
- (very terrible) Kabylake FDK training videos
- Intel Trace Hub + decoder files for various Intel ME versions
- Elkhart Lake Silicon Reference and Platform Sample Code
- Some Verilog stuff for different Xeon platforms, not sure what it is exactly.
- Debug BIOS / TXE builds for different platforms
- Bootguard SDK (encrypted zip)
- Intel Snowridge / Snowfish Process Simulator ADK
- Different schemes
- Templates for Intel Marketing Materials (InDesign)
Regardless of how the data was obtained, Intel is not a good performer. Perhaps even more worrying is the possibility that this is the first of several more leaks to come.
Masthead Credit: Sundry Photography
