Attacker Cites Exposed Akamai Server and “intel123” Password


Intel: “We believe an individual with access downloaded and shared this data”

A misconfigured Akamai CDN (content delivery network) server and files with the password “intel123” have been pinpointed as the apparent cause of a major leak from Intel which has seen 20GB of source code, schematics and other sensitive data published online.

The leak, posted last night by Tillie Kottman, an IT consultant based in Switzerland, contains files provided to partners and customers by chip maker Intel under non-disclosure agreement (NDA), and includes source code, development and debugging tools and schematics, tools and firmware for the company’s unreleased Tiger Lake platform.


In a now-deleted post, the alleged source of the leak said: “They have a service hosted online by Akamai CDN that wasn’t properly secure. After an internet-wide nmap scan I found my target port open and went through a list of 370 possible servers based on details that nmap provided with an NSE script.

“The folders were just lying open and I could just guess the name of one. Then you were in the folder you could go back to the root and just click into the other folders that you don’t know the name of.


“Best of all, thanks to another misconfiguration, I could masquerade as any of their employees or make my own user.”

The source added that while many of the zip files in the folder were password-protected, “most of them [have] the password Intel123 or a lowercase intel123.”

Kottman expects the data dump will be the first in a series of leaks from Intel.

“Unless I am misunderstanding my source, I can already tell you that the future parts of this leak will have even juicier and more classified stuff,” he said on Twitter.

A spokesperson for Intel said the chipmaker is investigating the leak, but declined to comment on the claims about the misconfigured server and weak passwords.

She said: “The data appears to come from the Intel Resource and Design Center, which hosts data for use by our customers, partners and other external parties who have registered for access.

“We believe an individual with access downloaded and shared this data.”

The incident is a stark reminder, if any were needed, that proactively mimicking such techniques used by hackers is critical to enterprise security, whether that is through regular Red Teaming or other tactics.

Recent security guidance from the NSA (focused on OT environments, but applicable across many IT environments too) noted that best practices include:

  • Fully patching all Internet-accessible systems.
  • Segmenting networks to protect workstations from direct exposure to the internet. Implement secure network architectures utilizing demilitarized zones (DMZs), firewalls, jump servers, and/or one-way communication diodes.
  • Ensure all communications to remote devices use a virtual private network (VPN) with strong encryption further secured with multifactor authentication.
  • Check and validate the legitimate business need for such access.
  • Filter network traffic to only allow IP addresses that are known to need access, and use geo-blocking where appropriate.
  • Connect workstations to network intrusion detection systems where feasible.
  • Capture and review access logs from these systems.
  • Encrypt network traffic to prevent sniffing and man-in-the-middle tactics.
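The access-log review recommended above can look specifically for the behaviour the leak's source described: being served the root listing and then content from folders belonging to several different parties. The Python below is an added example, not code from the article, Intel or the NSA; the log format, the sample lines, the function name and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access log (Common Log Format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [06/Aug/2020:10:00:01 +0000] "GET /partner-a/specs.zip HTTP/1.1" 200 5120
198.51.100.7 - - [06/Aug/2020:10:00:09 +0000] "GET /partner-a/readme.txt HTTP/1.1" 200 312
203.0.113.50 - - [06/Aug/2020:10:02:11 +0000] "GET /partner-a/ HTTP/1.1" 200 1840
203.0.113.50 - - [06/Aug/2020:10:02:15 +0000] "GET / HTTP/1.1" 200 2210
203.0.113.50 - - [06/Aug/2020:10:02:19 +0000] "GET /partner-b/ HTTP/1.1" 200 1990
203.0.113.50 - - [06/Aug/2020:10:02:24 +0000] "GET /partner-c/ HTTP/1.1" 200 2044
203.0.113.50 - - [06/Aug/2020:10:02:31 +0000] "GET /partner-c/board.zip HTTP/1.1" 200 88120
192.0.2.33 - - [06/Aug/2020:10:05:00 +0000] "GET /partner-d/ HTTP/1.1" 403 199
"""

# client IP, request path, HTTP status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')


def find_folder_walkers(log_text, min_folders=3):
    """Return {client_ip: sorted top-level folders} for clients that were
    served the root listing and content from >= min_folders distinct folders."""
    saw_root = set()
    folders = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        if status != 200:
            continue  # denied requests mean the access control held
        path = path.split("?", 1)[0]
        if path == "/":
            saw_root.add(ip)
            continue
        parts = path.lstrip("/").split("/", 1)
        if len(parts) == 2:  # ignore files that sit directly in the root
            folders[ip].add(parts[0])
    return {ip: sorted(names) for ip, names in folders.items()
            if ip in saw_root and len(names) >= min_folders}


if __name__ == "__main__":
    for ip, names in find_folder_walkers(SAMPLE_LOG).items():
        print(f"review {ip}: root listing plus folders {', '.join(names)}")
```

A legitimate partner account would normally stay inside its own folder, so any hit is worth checking against the list of IP addresses known to need access.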
