Reports said that the U.S. chipmaker Intel was allegedly hacked 20GB data exfiltrated from its systems. It is reported that the leaked data includes source codes, developer documents and tools, and other confidential documents.
The leaked information was shared by hackers in public file-sharing service – MEGA. As per Mr. Tillie Kottman, a reverse engineer and a developer who received the documents, an anonymous hacker, most of the documents hacked were information that supposed to have Intellectual Property protection. It was reported that the information was acquired from Intel in a cyber-attack that was made earlier this year.
Most of the information acquired was not published anywhere before and are confidential, and under a non-disclosure agreement (NDA) or Intel Restricted Secret added by Mr. Kottman.
An Intel spokesperson explained that Intel’s product development policy and practices forbid any steps that allow unauthorized device access (aka backdoors) that can expose sensitive device information or bypass security features.
It was also revealed that the archive includes technical specifications related to internal chipset design.
It is fortunate to know that none of the leaked files contains any data about Intel’s employees and customers.
As per Intel, they are currently investigating the situation, and they concluded that this confidential data must have been unauthorized downloaded by an individual from the Resource and Design Center and shared it to Mr. Kottman.
As per an Infosec Security firm, who received a copy of the conversation between Kottman and the source, the hacker claimed to acquire the data by using an unsecured server that is hosted in Akamai Cloud Network and not through an account from Intel Resource and Design Center.
The hacker claimed that they could easily create a fake Intel employee access to the resources or create their user. According to them, some files are archives files that were “secured” by incredibly weak passwords.
iZOOlogic, through its Data Loss Recovery services, do a scan automatically, or as per needed based on specifications, leaks such as these are also recovered to benchmark the potential damage of the data breach. There are many possibilities of what will happen next now that the blackhat members of the Infosec industry are aware of such an unfortunate incident. It is best to act and attempt to reduce the damage by performing a site takedown on any servers or sites that publicly host these types of contents. Hosting these files is can result in intellectual property violations such as Copyright infringement.