Intel is the latest company to be pwned by hackers. According to BleepingComputer, A hacker has released 20GB of confidential chip engineering data stolen from Intel. The data that was stolen contains BIOS information and source code of proprietary Intel technology that could be used in building the means to attack computers that use Intel chips. Which would be most of the planet:
According to Tillie Kottmann, a developer and reverse engineer who received the documents from an anonymous hacker, most of the information is supposed to be protected intellectual property. The developer was told that the information was stolen from Intel in a breach this year.
“They were given to me by an Anonymous Source who breached them earlier this Year, more details about this will be published soon,” Kottmann says.
“Most of the things here have NOT been published ANYWHERE before and are classified as confidential, under NDA or Intel Restricted Secret,” the developer added.
The following list was provided as a partial overview of the 20GB file:
- Intel ME Bringup guides + (flash) tooling + samples for various platforms
- Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
- Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
- Silicon / FSP source code packages for various platforms
- Various Intel Development and Debugging Tools
- Simics Simulation for Rocket Lake S and potentially other platforms
- Various roadmaps and other documents
- Binaries for Camera drivers Intel made for SpaceX
- Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
- (very horrible) Kabylake FDK training videos
- Intel Trace Hub + decoder files for various Intel ME versions
- Elkhart Lake Silicon Reference and Platform Sample Code
- Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
- Debug BIOS/TXE builds for various Platforms
- Bootguard SDK (encrypted zip)
- Intel Snowridge / Snowfish Process Simulator ADK
- Various schematics
- Intel Marketing Material Templates (InDesign)
So what does this mean for you? Now that this file is out there, and there is possibly more coming, bad actors will definitely be scraping through this data dump to find any useful vulnerability to attack. That of course is bad.
Intel for its part had this to say:
“We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data” – Intel representative
It still looks really bad on Intel to have this happen. If it’s an internal party, that is easy to deal with. Though I think Intel will still have some questions to answer. But if an external party did this, then Intel will likely find itself having to answer a lot of questions that they likely would not want to answer from a variety of people.
I think it’s safe to say that this is a developing story and we’ll likely be hearing more details about this in the coming days.
Intel Pwned By Hackers…. Forced To Release Financials Early As A Result
Posted in Commentary with tags Hacked, Intel on January 22, 2021 by itnerdIntel said it was the victim of a hacker who stole financially sensitive information from its corporate website on Thursday, prompting the company to release its earnings statement ahead of schedule:
The US computer chipmaker believed an attacker had obtained advanced details about a strong earnings report it was due to publish after the stock market closed, said George Davis, chief financial officer. It published its formal earnings announcement upon discovering the problem, six minutes before the market closed. Intel’s shares rose more than 6 per cent on Thursday, including almost 2 per cent in the final 15 minutes of trading. “An infographic was hacked off of our PR newsroom site,” Mr Davis said. “We put [our earnings] out as soon as we were aware.” He did not provide more details, but said that the leak was the result of an illicit action that had not involved any unintentional disclosure by the company itself. An Intel spokesperson added: “We were notified that our infographic was circulating outside the company. I do not believe it was published. We are continuing to investigate this matter.”
At least Intel was looking for trouble and were able to take quick action upon finding it. But the fact that they got hacked is still problematic. Clearly there will be a deep dive to figure out how to make sure that this never happens again.
Leave a comment »