Attacker Cites Exposed Akamai Server and “intel123” Password

Intel: “We feel an specific with accessibility downloaded and shared this data”

A misconfigured Akamai CDN (content shipping network) server and files with the password “intel123” have been pinpointed as the obvious trigger of a major leak from Intel which has found 20GB of resource code, schematics and other delicate info posted online.

The leak, posted last night by Tillie Kottman, an IT expert based in Switzerland, has files furnished to companions and prospects by chip maker Intel beneath non-disclosure arrangement (NDA), and includes resource code, development and debugging applications and schematics, applications and firmware for the company’s unreleased Tiger Lake system.

Go through far more: Intel’s 7nm ‘Defect’ Leaves Investors Fretting

In a now-deleted publish, the alleged resource of the leak explained: “They have a company hosted online by Akami CDN that wasn’t correctly safe. After an world-wide-web-large nmap scan I located my target port open up and went by way of a list of 370 probable servers based on specifics that nmap furnished with an NSE script.

“The folders were being just lying open up and I could just guess the name of 1. Then you were being in the folder you could go again to the root and just click on into the other folders that you don’t know the name of.

“Best of all, because of to a further misconfiguration, I could masquerade as any of their workforce or make my individual consumer.”

The resource extra that nevertheless lots of of the zip files on the folder were being password-secured, “most of them [have] the password Intel123 or a lowercase intel123.”

Intel exconfidential Lake Platform Release 😉

This is the to start with 20gb launch in a collection of large Intel leaks.

Most of the matters listed here have NOT been posted Any where before and are labeled as private, beneath NDA or Intel Restricted Solution. pic.twitter.com/KE708HCIqu

— Tillie 1312 Kottmann #BLM 💛🤍💜🖤 (@deletescape) August six, 2020

Kottman expects the info dump will be the to start with in a collection of leaks from Intel.

“Unless I am misunderstanding my resource, I can already tell you that the upcoming pieces of this leak will have even juicier and far more labeled things,” he explained on Twitter.

A spokesman for Intel explained the chipmaker is investigating the leak, but declined to remark on the statements about the misconfigured server and weak passwords.

She explained:“The details appears to appear from the Intel Useful resource and Layout Center, which hosts details for use by our prospects, companions and other external parties who have registered for accessibility.