Tech

More than 20GB of Intel source code and proprietary data dumped online

EnlargeTillie Kottman

Intel is investigating the purported leak of more than 20 gigabytes of its proprietary data and source code that a security researcher said came from a data breach earlier this year.

The data—which at the time this post went live was publicly available on BitTorrent feeds—contains data Intel makes available to partners and customers under NDA, a company spokeswoman said. Speaking on background, she said Intel officials dont believe the data came from a network breach. She also said the company is still trying to determine how current the material is and that, so far, there is no signs the data includes any customer or personal information.

“We are investigating this situation,” company officials said in a statement. “The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.”

Exconfidential Lake

The data was published by Tillie Kottmann, a Swiss software engineer who offered barebones details on Twitter. Kottmann has dubbed the leak “exconfidential Lake,” with Lake being a reference to the Intel insider name for its 10 nanometer chip platform. They said they obtained the data from a source who breached Intel earlier this year and that today's installment would be followed by others in the future.

“Most of the things here have NOT been published ANYWHERE before and are classified as confidential, under NDA or Intel Restricted Secret,” Kottmann wrote. They said some of the contents included:

  • Intel ME Bringup guides + (flash) tooling + samples for various platforms
  • Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
  • Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
  • Silicon / FSP source code packages for various platforms
  • Various Intel Development and Debugging Tools
  • Simics Simulation for Rocket Lake S and potentially other platforms
  • Various roadmaps and other documents
  • Binaries for Camera drivers Intel made for SpaceX
  • Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
  • (very horrible) Kabylake FDK training videos
  • Intel Trace Hub + decoder files for various Intel ME versions
  • Elkhart Lake Silicon Reference and Platform Sample Code
  • Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
  • Debug BIOS/TXE builds for various Platforms
  • Bootguard SDK (encrypted zip)
  • Intel Snowridge / Snowfish Process Simulator ADK
  • Various schematics
  • Intel Marketing Material Templates (InDesign)
  • Lots of other things

Material as recent as May

A quick review of the leaked material shows that it consists of confidential materials that Intel customers need to design motherboards, BIOS, or other things that work with CPUs and other chips Intel makes. Although were still analyzing the contents, were seeing design and test documents, source code, and presentations ranging from as early to Q4 2018 to just a couple of months ago.

Most of these documents and source code packages apply to Intel CPU platforms, like Kaby Lake or the upcoming Tiger Lake, although there is a smattering of other documents relating to other products, such as a sensor package Intel developed for SpaceX.

There is also a folder dedicated to the Intel Management Engine, but its conRead More – Source

[contf]
[contfnew]

arstechnica

[contfnewc]
[contfnewc]