About 20 GB of Intel internal technical documentation and source code leaked

Tillie Kottmann, a Swiss Android platform developer who runs a Telegram channel on data breaches, has made publicly available 20 GB of internal technical documentation and source code obtained in a large leak from Intel. It is claimed to be the first set from a collection submitted by an anonymous source.

Many documents are marked as confidential, as corporate secrets, or as distributed only under a nondisclosure agreement. The most recent documents are dated early May and include information on the new Cedar Island (Whitley) server platform.

There are also documents from 2019, for example ones describing the Tiger Lake platform, but most of the information is from 2014. In addition to documentation, the set also contains code, debugging tools, circuits, drivers and training videos.

Intel said it has launched an investigation into the incident. According to preliminary information, the data was obtained through the information system "Intel Resource and Design Center", which contains information with limited access for customers, partners and other companies with which Intel interacts.

Most likely, the information was uploaded and published by someone with access to the information system. A former Intel employee offered his own version during a discussion on Reddit, noting that the leak may be the result of employee sabotage or of a hack of one of the motherboard OEMs.

The anonymous source who submitted the documents for publication indicated that the data was downloaded from an unsecured server hosted on the Akamai CDN, and not from the Intel Resource and Design Center.

The server was discovered by accident during a mass host scan using nmap and was compromised via a vulnerable service.

The leaked information has already been distributed through BitTorrent networks and is available through a magnet link. The zip archive is approximately 17 GB in size (the passwords to unlock it are "Intel123" and "intel123").

The leaked information includes:

  • Intel ME (Management Engine) manuals, flash utilities and examples for different platforms.
  • BIOS reference implementation for the Kabylake (Purley) platform, samples and code for initialization (with change history from git).
  • Intel CEFDK (Consumer Electronics Firmware Development Kit) source code.
  • FSP (Firmware Support Package) code and manufacturing diagrams for various platforms.
  • Various utilities for debugging and development.
  • Simics - Rocket Lake S platform simulator.
  • Various plans and documents.
  • Binary drivers for an Intel camera made for SpaceX.
  • Schematic diagrams, documents, firmware and tools for the unreleased Tiger Lake platform.
  • Kabylake FDK tutorial videos.
  • Intel Trace Hub and files with decoders for different versions of Intel ME.
  • Reference implementation of the Elkhart Lake platform and code samples to support the platform.
  • Verilog hardware block descriptions for different Xeon platforms.
  • BIOS / TXE debug builds for different platforms.
  • Bootguard SDK.
  • Process simulator for Intel Snowridge and Snowfish.
  • Various schematics.
  • Marketing templates.

Additionally, at the end of July Tillie Kottmann made public the contents of repositories obtained as a result of data leaks from about 50 companies.

The list includes companies such as Microsoft, Adobe, Johnson Controls, GE, AMD, Lenovo, Motorola, Qualcomm, Mediatek, Disney, Daimler, Roblox, and Nintendo, as well as various banks and financial, automotive and travel companies.

The main source of the leaks was misconfiguration of DevOps infrastructure and passwords left in public repositories. Most of the repositories were copied from local DevOps systems based on the SonarQube, GitLab and Jenkins platforms, to which access was not appropriately restricted (web-accessible local instances of DevOps platforms used default settings that allow public access to projects).

Additionally, in early July, as a result of the compromise of the Waydev service, which is used to generate analytical reports on activity in Git repositories, a database was leaked, including one containing OAuth tokens for accessing repositories on GitHub and GitLab.


  1.   Shupacabra said

    Intel123? haha and they laugh at 123456: v

  2.   Raul said

    Looks like an attempt to dirty AMD