The documents were published on file-sharing platform MEGA by Swiss software engineer Tillie Kottmann, who said that the documents had been passed to them by an anonymous hacker. Kottmann manages a Telegram channel (@deletescape) for acquiring and subsequently sharing leaked confidential materials with the public.
The hacker claimed to have breached Intel earlier this year.
Intel exconfidential Lake Platform Release 😉
This is the first 20gb release in a series of large Intel leaks.
Most of the things here have NOT been published ANYWHERE before and are classified as confidential, under NDA or Intel Restricted Secret. pic.twitter.com/KE708HCIqu
— Tillie 1312 Kottmann #BLM 💛🤍💜🖤 (@deletescape) August 6, 2020
According to Kottmann: “Most of the things here have NOT been published ANYWHERE before and are classified as confidential, under NDA or Intel Restricted Secret”.
They said that this release contained documents relating to a range of Intel products, such as its Kaby Lake CPUs, next-generation Tiger Lake CPUs (which will launch in September), and a sensor package developed for SpaceX. The materials included internal presentations, “very horrible” training videos, marketing materials, and source code for various platforms.
The anonymous hacker told Kottmann that they used the nmap port-scanning tool to identify an unsecured Intel server on Akamai CDN. They then used a Python script to guess default usernames and gain access to documents on the system; according to the hacker, access to the folders was possible if just one username had been guessed correctly.
The hacker told Kottmann that they were able to masquerade as any employee or make their own user, due to a misconfiguration.
Kottmann commented that “if you find password-protected zips in the release the password is probably either ‘Intel123’ or ‘intel123’” – with the password possibly having been set by Intel itself – and added that this was a long way from being the worst case of poor corporate password-management.
There is a small possibility that the leaked documents contain backdoor information, with the word ‘backdoor’ reportedly appearing twice in the source code associated with Intel’s Purley Refresh chipset for Xeon CPUs.
This may be the first Intel release in a series, with Kottmann saying that future parts of the leak would be “even juicier and more classified”, although the hacker would need to ensure that they are safe before leaking any further documents.
Intel is already investigating the cause of the apparent leak and assessing how recent and sensitive the material is.
An Intel spokesperson rejected the explanation given to Kottmann by the hacker, instead suggesting that the materials came from the Intel Resource and Design Centre, which “hosts information for use by our customers, partners and other external parties who have registered for access”.
“We believe an individual with access downloaded and shared this data,” they said.