Intel has suffered a massive data breach. The CPU maker’s important archive, codenamed ‘Intel Ex-Confidential Lake’, was illegally accessed, downloaded, and uploaded to social media by multiple unauthorized individuals.
Intel has reportedly become a victim of a massive data dump, amounting to 20GB of folders and files which contain very critical and sensitive information pertaining to the company’s internal design, development, fabrication, and more practices. Needless to add, besides Intel’s loss, the data breach could open up multiple possibilities of future exploitation of computers and systems that run on Intel hardware.
Intel Suffers Massive Data Breach Through A Folder Shared Illegally Online:
Apparently, Intel suffered the data breach because a folder containing the company’s intellectual data was shared online. It is presently unclear how the folder was accessed and uploaded. The folder must have obviously been stored in one of the most secure and extensively protected areas or accessed-restricted databases. Moreover, the sheer vastness of the categories of data that the folder contains indicates the data might have been collected through multiple databases, collated, and uploaded.
Intel hit with a massive 20GB data breach containing:
➡️Some source code mentions backdoors.https://t.co/BoFzkYwikK
— BleepingComputer (@BleepinComputer) August 6, 2020
An unknown person posted links to an archive that contains the dump of the breach. The data archive, a 20 GB treasure trove, is believed to include Intel Management Engine bring-up guides, flashing tools, samples; source code of Consumer Electronics Firmware Development Kit (CEFDK); silicon and FSP source packages for various platforms; design schematics of various products; and much more. The following list comes directly from the individual in regards to what has been leaked:
- Intel ME Bringup guides + (flash) tooling + samples for various platforms
- Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
- Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
- Silicon / FSP source code packages for various platforms
- Various Intel Development and Debugging Tools
- Simics Simulation for Rocket Lake S and potentially other platforms
- Various roadmaps and other documents
- Binaries for Camera drivers Intel made for SpaceX
- Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
- (very horrible) Kabylake FDK training videos
- Intel Trace Hub + decoder files for various Intel ME versions
- Elkhart Lake Silicon Reference and Platform Sample Code
- Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
- Debug BIOS/TXE builds for various Platforms
- Bootguard SDK (encrypted zip)
- Intel Snowridge / Snowfish Process Simulator ADK
- Various schematics
- Intel Marketing Material Templates (InDesign)
The abovementioned list is reportedly a small glimpse, and further scrutiny of the data dump can potentially reveal a lot more information.
Intel Suspects Data Breach Originated From Its Own Resource & Design Center?
The vast amount of data and that too from several diverse areas strongly indicates the individual or group of individuals had high-level access or security clearance to multiple databases that stored extremely private and confidential corporate information about Intel. Incidentally, Intel has released a statement that reads:
“We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners, and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.”
$INTC why is there no news published by major news sources (CNBC, Bloomberg, etc) on the Intel data breach?
Expect pullback or weakness once it gets published which might be a more favorable entry point if you are bullish on it for a reversal or LT hold.https://t.co/q3zL48TXMi
— Kelso (@kg_market) August 7, 2020
The majority of data was reportedly accessed earlier this year. Moreover, the files are reported to be of classified status, under NDA, or under Intel Restricted Secret. Simply put, Intel never intended to offer open public access to any of the files, documents, or information, ever.
Despite the massive data breach, Intel might not suffer much. This is because Intel appears to have granted conditional access to third-party partners, one of whom might have leaked the data. So the information wasn’t strictly meant for internal circulation at Intel. However, there are a few mentions of the word “backdoor”. It is not clear if this refers to Intel deliberately leaving access pathways open in otherwise secured technology.
It is important to note that anyone downloading, accessing, reading, or opening such files would become a participant in IP theft and could easily incur legal penalties. In other words, it is strongly advised to stay away from such content.