MASSIVE 20GB LEAK FROM INTEL DOCUMENTS BACKDOORS IN ALL INTEL CPUS

Classified and confidential documents from U.S. chipmaker Intel, allegedly resulting from a breach, have been uploaded earlier today to a public file sharing service.

The cache of secret information is 20GB large and comes from an unknown source. It was announced as the first part in a series of Intel leaks.

According to Tillie Kottmann, a developer and reverse engineer who received the documents from an anonymous hacker, most of the information is supposed to be protected intellectual property. The developer was told that the information was stolen from Intel in a breach this year.

"They were given to me by an Anonymous Source who breached them earlier this year, more details about this will be published soon," Kottmann says.

“Most of the things here have NOT been published ANYWHERE before and are classified as confidential, under NDA or Intel Restricted Secret,” the developer added.

Those browsing firmware source code will find comments referring to backdoors, but that could mean anything and does not necessarily mean they can gain access to your computer:

An Intel spokesperson replying to our request for comments pointed us to the company’s product security policy page, which states that "Intel product development policy and practices prohibit any intentional steps to allow undocumented device access (e.g., “backdoors”), exposure of sensitive device information, or a bypass of security features or restrictions of its products."

Some of the files in the archive include technical specifications and relate to internal chipset design, including Kaby Lake platform and Intel Management Engine (ME).

This initial release contains documents related to the following:

  • Intel ME Bringup guides + (flash) tooling + samples for various platforms
  • Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
  • Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
  • Silicon / FSP source code packages for various platforms
  • Various Intel Development and Debugging Tools
  • Simics Simulation for Rocket Lake S and potentially other platforms
  • Various roadmaps and other documents
  • Binaries for Camera drivers Intel made for SpaceX
  • Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
  • (very horrible) Kabylake FDK training videos
  • Intel Trace Hub + decoder files for various Intel ME versions
  • Elkhart Lake Silicon Reference and Platform Sample Code
  • Some Verilog stuff for various Xeon Platforms, unsure what it is exactly
  • Debug BIOS/TXE builds for various Platforms
  • Bootguard SDK (encrypted zip)
  • Intel Snowridge / Snowfish Process Simulator ADK
  • Various schematics
  • Intel Marketing Material Templates (InDesign)

This release has already been dubbed “juicy” but Kottmann believes that future leaks from their source are likely to contain even “juicier” classified documents.

HOW IT ALLEGEDLY HAPPENED

Kottman is maintaining a repository with source code obtained by them and various sources hunting for misconfigured devops tools that allow access to resources. The repository contains data, proprietary code included, from dozens of companies (GE Appliances, Microsoft, Qualcomm, Motorola, AMD, Lenovo).

The developer does their best to remove sensitive information from the code they publish and complies with takedown requests. Even more, they are willing to provide details about the misconfiguration and how to avoid mishaps in the future.

The Intel breach appears to be no different. The hacker told Kottmann that they found an Intel server on a CDN that was not properly secured. This particular machine was seemingly selected based on details collected from an internet-wide scan.

Using a custom Python script, the hacker claims they were able to test for default username access and unsecured access to files and folders. According to the hacker, access to the folders was possible if you knew the right names. They needed to guess just one name, though. Once in, they could go back to the root directory and get access to any of them.

The chat above originally contained passwords for Intel documents that BleepingComputer intentionally removed.

However, the more important detail provided was the claim that they could impersonate any Intel employee with access to the resources, or create their own user. Some of the files are archives protected by an incredibly weak password.

In a statement to BleepingComputer, Intel said that the data appears to be from the Intel Resource and Design Center. A company representative did not speculate on the breach method but said that the leak may be from someone with access to the portal:

“We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data” - Intel representative

Employees in this department have higher than normal privileges that give them access not just to resources for customers and OEMs but also to Intel’s intellectual property like documentation and tools, testing services, and pre-release product info, all available under a corporate non-disclosure agreement (CNDA).

This is a developing story...

SHARE THIS ARTICLE...

Israel IS Intel

Views: 43

Comment

You need to be a member of 12160 Social Network to add comments!

Join 12160 Social Network

"Destroying the New World Order"

TOP CONTENT THIS WEEK

THANK YOU FOR SUPPORTING THE SITE!

mobile page

12160.info/m

12160 Administrators

 

Latest Activity

Doc Vega commented on Doc Vega's blog post Americans You’re Being Squeezed Out!
"Cheeki kea always nice to her you chime in and you're damn right! "
13 hours ago
Doc Vega commented on Doc Vega's blog post Americans You’re Being Squeezed Out!
"Les Prone thanks for your support Dude! "
13 hours ago
Doc Vega posted blog posts
13 hours ago
Doc Vega posted a photo

The inconvenient truth

Trump spells it out!
17 hours ago
Sandy posted a photo
yesterday
Less Prone favorited Doc Vega's blog post What Made the Founding Fathers of America so Brilliant?
yesterday
Less Prone commented on Doc Vega's blog post Why didn't the Archeological World Announce Proof that Jesus Lived?
"Motives of Joe, to shit in the well by showing totally irrelevant proof?"
yesterday
Doc Vega commented on Doc Vega's blog post Why didn't the Archeological World Announce Proof that Jesus Lived?
"Less, Motives of Wyatt or Joe? What archeologist wouldn't want proof of Jesus as part of his…"
yesterday
Doc Vega commented on Doc Vega's blog post Why didn't the Archeological World Announce Proof that Jesus Lived?
"Less Prone, Considering Joe Rogan to be the gatekeeper of anything is just short of ridiculous the…"
yesterday
MAC posted a video

Don't Go To Hong Kong Now (Even on Connecting Flights)

Secure your privacy with Surfshark! Enter coupon code laowhy86 for an extra 3 months free at https://Surfshark.deals/laowhy86Article 23 in Hong Kong is real,...
yesterday
cheeki kea commented on cheeki kea's video
Thumbnail

Terrorist Attack on Moscow - Ukraine Committing Suicide? | Larry C. Johnson

"...And I guess I'll just park this you tube here also for something to ponder from last year.…"
yesterday
tjdavis posted photos
Tuesday
Less Prone posted a video

Climate: The Movie (The Cold Truth) NL

Deze nieuwe documentaire van de Britse filmmaker Martin Durkin toont aan dat klimaatalarm een verzonnen doembeeld is zonder enige wetenschappelijke basis. He...
Monday
Less Prone commented on Doc Vega's blog post Why didn't the Archeological World Announce Proof that Jesus Lived?
"It can be true, but why isn't he offering real evidence? What are his motives?"
Monday
Less Prone favorited Doc Vega's blog post Americans You’re Being Squeezed Out!
Monday
cheeki kea favorited Less Prone's blog post Going against the stream of lies and death
Monday
cheeki kea commented on Doc Vega's blog post Americans You’re Being Squeezed Out!
"You're spot on in regards to the the real estate component of this mass migrant mess Doc V and…"
Monday
cheeki kea commented on cheeki kea's video
Thumbnail

Terrorist Attack on Moscow - Ukraine Committing Suicide? | Larry C. Johnson

"This video out 2 days ago but the 4 terrorists already caught and 11 others involved identified…"
Monday
cheeki kea posted a video

Terrorist Attack on Moscow - Ukraine Committing Suicide? | Larry C. Johnson

Larry C. Johnson is a veteran of the CIA and the State Department’s Office of Counter Terrorism. He is the founder and managing partner of BERG Associates, w...
Monday
Less Prone commented on Doc Vega's blog post Why didn't the Archeological World Announce Proof that Jesus Lived?
"You have a link to a physical evidence concerning the existence of Jesus, see your mail about…"
Monday

© 2024   Created by truth.   Powered by

Badges  |  Report an Issue  |  Terms of Service

content and site copyright 12160.info 2007-2019 - all rights reserved. unless otherwise noted