Magnet link to leaked Intel database reveals ~90GB content

Summary

CloudSEK researchers discover a magnet link to an archive that contains Intel's internal data, including release notes, NDA agreements, etc.
CloudSEK has discovered a data leak that contains the internal data of Intel. The database includes schematics of various processor lines, release notes, NDA agreements and licenses, and internal debugging tools and binaries.   

Discovery of the leak

CloudSEK researchers discovered a magnet link to the archive which was announced on Twitter by user Tillie Kottman (@deletescape). This account has then been suspended, following the incident. The size of the database as mentioned in the tweet is “20+ GB.” However, the actual size of the records is ~90GB.   

The contents of the leak

The sample records contain: 
  • Kabylake BIOS reference code and sample code, initialization code 
  • Intel Consumer Electronics Firmware Development Kit sources
  • Silicon/ FSP source code packages for various platforms
  • Various Intel development and debugging tools
  • Simics simulation for Rocket Lake S and potentially other platforms
  • Various roadmaps and other documents
  • Intel’s binaries for SpaceX camera drivers
  • Schematics, documents, tools, and firmware data related to the unreleased Tiger Lake platform
  • Kabylake FDK training videos
  • Intel Trace Hub and decoder files for various Intel ME versions
  • Sample code for Elkhart Lake Silicon Reference and Platform 
  • Debug BIOS/TXE builds for various platforms
  • Bootguard SDK 
  • Intel Snowridge/ Snowfish process simulator ADK
  • Intel marketing material templates (InDesign)
  • Apollo Lake Intel(R) TXE 3.1.75.2351_MR
  • APS Software
  • Certificates
  • Lakefield Pets
  • tigerisland-rev1
 

Data verification and validation 

We were able to confirm the leaked files using the magnet link. Intel Data Leak  

Impact

  1. Threat actors use internal tools to debug the existing hardware systems and codes.
  2. The disclosure of schematics could allow attackers to target the hardware. 
  3. Threat actors will be able to conduct further analysis using the published firmware details.
 

Next steps

Recommendations for affected users:
  1. Pay attention to the vendor’s response for updates.
  2. Don’t open unsolicited email attachments and links, claiming to be from the vendor.
  3. Use strong passwords wherever necessary and avoid password reuse.
  4. Verify access/ permission granted to applications.

Table of Contents

Request an easy and customized demo for free