In a massive data leak, a repository link that contains up to 20GB worth of confidential Intel intellectual property (IP) including source code, processor generation documentation, and more have been posted on the web.
The data was released by Tillie Kottmann, a Swiss software engineer and open security advocate, who said he received the files from an anonymous hacker who claimed to have breached Intel earlier this year.
“They were given to me by an Anonymous Source who breached them earlier this year, more details about this will be published soon,” Kottmann says.
“Most of the things here have NOT been published ANYWHERE before and are classified as confidential, under NDA or Intel Restricted Secret.”
Kottmann has called this first release of data as the “Intel exconfidential Lake Platform Release” and stated that this is one of the many several planned Intel-related leaks.
Intel exconfidential Lake Platform Release 😉
This is the first 20gb release in a series of large Intel leaks.
Most of the things here have NOT been published ANYWHERE before and are classified as confidential, under NDA or Intel Restricted Secret. pic.twitter.com/KE708HCIqu
— Tillie 1312 Kottmann #BLM ???? (@deletescape) August 6, 2020
Meanwhile, ZDNet who reviewed the content of the leaked files with security researchers were able to verify the data as being authentic. The leaked files contained Intel intellectual property in terms of the internal designers of various chipsets, including technical specs, product guides, and manuals for CPUs dating back to 2016.
Given below is a rundown of what’s included in this initial data dump, as provided by Kottmann:
- Intel ME Bringup guides + (flash) tooling + samples for various platforms
- Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
- Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
- Silicon / FSP source code packages for various platforms
- Various Intel Development and Debugging Tools
- Simics Simulation for Rocket Lake S and potentially other platforms
- Various roadmaps and other documents
- Binaries for Camera drivers Intel made for SpaceX
- Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
- (very horrible) Kabylake FDK training videos
- Intel Trace Hub + decoder files for various Intel ME versions
- Elkhart Lake Silicon Reference and Platform Sample Code
- Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
- Debug BIOS/TXE builds for various Platforms
- Bootguard SDK (encrypted zip)
- Intel Snowridge / Snowfish Process Simulator ADK
- Various schematics
- Intel Marketing Material Templates (InDesign)
Based on ZDNet’s review, none of the leaked files contains any personally identifiable information on Intel employees or customers.
In a statement released by Intel, the U.S. chipmaker disputed Kottmann’s claim and denied being hacked. However, they did acknowledge that the data dump seems to have come from the Intel Resource and Design Center, a secure Intel repository for third-party partners to access numerous confidential documents and schematics.
“We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data,” Intel said in a statement.
According to a copy of the conversation obtained by ZDNet between Kottmann and his source explains how the purported source of the leaked Intel documents managed to get the data. The alleged hacker claimed to have obtained the data via an unsecured Akamai CDN server hosting Chipzilla’s files, and not by using an account on the Intel Resource and Design Center.
Kottmann told The Register that the archives received by them were obtained from the partners-only design center: “As far as I am informed, the data I have was pretty much directly grabbed from the CDN for Intel’s Resource and Design Center.”
Further, sources familiar with Intel’s investigation told The Register that since it is uncertain when the shared documents obtained from the center, the information may not be updated.
Watch this space for more updates, as this is a developing story.
