Tillie Kottmann, a Switzerland-based IT consultant and self-proclaimed leaker, posted a massive 20GB initial data dump on Twitter, calling it “Intel exconfidential Lake Platform Release.” This data was supposedly downloaded “earlier this year.”
This data dump purportedly contains:
Obviously, that is quite the list of materials in just this first 20GB chunk of the hacker’s alleged trove of stolen data. Intel has already released a response statement to several media outlets when inquired, saying: “We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.”
However, Kottmann, in discussing how the data was obtained by an anonymous source, gave a more detailed account. The data was stored on a misconfigured server hosted on the Akamai CDN. The hacker stated that he used an internet-wide nmap scan to find systems with a desired open port, turning up 370 candidate servers. He then used a Python script to probe aspects of those servers, stuff default username/password combinations, and look for unsecured file and folder access. The targeted folders were allegedly “lying open if you could guess the name of one.” Once one was found, a quick directory traversal gave access to any other folder whose name wasn’t known. Moreover, another misconfiguration allowed the hacker to masquerade as any employee and even create new users.
This account shows why Intel would believe it was an authorized user who leaked the information.
Once again, we get yet another massive data breach caused by misconfigured cloud services or publicly-accessible servers, leading to major fallout for affected companies. Capital One’s data breach affecting more than 100 million people in the USA and another 6 million in Canada is one such recent example.
Several zip files included in the data leak are encrypted; however, they use short, easily guessable passwords. Had these files been more heavily secured with sufficiently long passwords, and not stored alongside documentation containing the password, they’d likely still be uncracked.
Using best-practice configurations applied by trained professionals is sadly often overlooked by many big corporations, and we end up with highly vulnerable systems that leak data. Breach after breach has compromised highly damaging data that impacts millions of citizens, sometimes exposing them to identity fraud for their entire lifetime, as in the Equifax hack. In Intel’s case, however, it is the company itself that is harmed by the data breach, with confidential source code, tools, and other materials making their way out to the internet at large.
As this story unfolds, I’m sure we’ll see just how damaging some of the leaked contents are, as security researchers and enthusiasts comb over the exposed data.