Swiss IT consultant Till Kottmann received the files via an anonymous source. Here is an overview of what the leak entails:
- Intel ME Bringup guides + (flash) tooling + samples for various platforms
- Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
- Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
- Silicon / FSP source code packages for various platforms
- Various Intel Development and Debugging Tools
- Simics Simulation for Rocket Lake S and potentially other platforms
- Various roadmaps and other documents
- Binaries for Camera drivers Intel made for SpaceX
- Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
- (very horrible) Kabylake FDK training videos
- Intel Trace Hub + decoder files for various Intel ME versions
- Elkhart Lake Silicon Reference and Platform Sample Code
- Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
- Debug BIOS/TXE builds for various Platforms
- Bootguard SDK (encrypted zip)
- Intel Snowridge / Snowfish Process Simulator ADK
- Various schematics
- Intel Marketing Material Templates (InDesign)
- Lots of other things
They were given to me by an Anonymous Source who breached them earlier this Year, more details about this will be published soon.
— Tillie 1312 Kottmann #BLM (@deletescape) August 6, 2020
An overview of the contents: https://t.co/cYt8Y4j3CQ pic.twitter.com/bqruJF2kNn
Intel is investigating the matter and believes the data was retrieved from a server that hosts data for use by Intel's customers, partners, and other external parties:
“We are investigating this situation,” company officials said in a statement. “The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.”
Ars Technica writes that the original source reportedly found the data on an improperly secured server hosted by Akamai CDN after scanning the Internet with the Nmap security scanner:
source: They have a server hosted online by Akamai CDN that wasn't properly secure. After an internet wide nmap scan I found my target port open and went through a list of 370 possible servers based on details that nmap provided with an NSE script.
source: I used a python script I made to probe different aspects of the server including username defaults and unsecure file/folder access.
source: The folders were just lying open if you could guess the name of one. Then when you were in the folder you could go back to root and just click into the other folders that you didn't know the name of.
deletescape: holy shit that's incredibly funny
source: Best of all, due to another misconfiguration, I could masquerade as any of their employees or make my own user.
deletescape: LOL
source: Another funny thing is that on the zip files you may find password protected. Most of them use the password Intel123 or a lowercase intel123
source: Security at its finest.
At the moment, nothing very significant appears to have been found in this first batch of data. It is all data that gets shared with Intel partners, so it doesn't contain critical Intel data like CPU design materials.