Intel investigating breach after 20GB of internal documents leak online

Leak confirmed to be authentic. Many files are marked "confidential" or "restricted secret."
Written by Catalin Cimpanu, Contributor
Image: Till Kottmann

US chipmaker Intel is investigating a security breach after earlier today 20 GB of internal documents, with some marked "confidential" or "restricted secret," were uploaded online on file-sharing site MEGA.

The data was published by Till Kottmann, a Swiss software engineer, who said he received the files from an anonymous hacker who claimed to have breached Intel earlier this year.

Kottmann received the Intel leaks because he manages a very popular Telegram channel where he regularly publishes data that accidentally leaked online from major tech companies through misconfigured Git repositories, cloud servers, and online web portals.

The Swiss engineer said today's leak represents the first part of a multi-part series of Intel-related leaks.

ZDNet reviewed the content of today's files with security researchers who have previously analyzed Intel CPUs in past work, who deemed the leak authentic but didn't want to be named in this article due to ethical concerns of reviewing confidential data, and because of their ongoing relations with Intel.

Per our analysis, the leaked files contained Intel intellectual property respective to the internal design of various chipsets. The files contained technical specs, product guides, and manuals for CPUs dating back to 2016.

Image: ZDNet
Image: ZDNet
Image: ZDNet

Below is a summary of the leaked files, as provided by Kottmann:

- Intel ME Bringup guides + (flash) tooling + samples for various platforms
- Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
- Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
- Silicon / FSP source code packages for various platforms
- Various Intel Development and Debugging Tools
- Simics Simulation for Rocket Lake S and potentially other platforms
- Various roadmaps and other documents
- Binaries for Camera drivers Intel made for SpaceX
- Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
- (very horrible) Kabylake FDK training videos
- Intel Trace Hub + decoder files for various Intel ME versions
- Elkhart Lake Silicon Reference and Platform Sample Code
- Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
- Debug BIOS/TXE builds for various Platforms
- Bootguard SDK (encrypted zip)
- Intel Snowridge / Snowfish Process Simulator ADK
- Various schematics
- Intel Marketing Material Templates (InDesign)

None of the leaked files contain sensitive data about Intel customers or employees, based on ZDNet's review. However, the question remains to what else the alleged hacker had access to before stealing and releasing Intel's confidential files.

In an emailed statement sent after this article's publication, Intel denied getting "hacked," disputting Kottmann's claim.

The company suggested that an individual with access to its Resource and Design Center might have downloaded the confidential data without authorization and shared it with the Swiss researcher. The Intel Resource and Design Center is a web portal where Intel provides non-public technical documents to business partners integrating Intel chipsets into their respective products. Many of the documents reviewed by ZDNet contained links to the Resource and Design Center, confirming Intel's current explanation.

The company's full statement is below:

"We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data."

However, ZDNet has also received a copy of the conversation between Kottmann and his source, conversation in which the alleged hacker claimed to have obtained the data via an unsecured server hosted on the Akamai CDN, and not by using an account on the Intel Resource and Design Center.

Image: ZDNet

Updated at 4:05pm ET with Intel statement following initial investigation.

Data leaks: The most common sources

Editorial standards