Attacker Cites Exposed Akamai Server and “intel123” Password


Intel: “We believe that an individual with access downloaded and shared this data”

A misconfigured Akamai CDN (content delivery network) server and files with the password “intel123” have been pinpointed as the apparent cause of a major leak from Intel which has seen 20GB of source code, schematics and other sensitive data published online.

The leak, posted last night by Tillie Kottman, an IT consultant based in Switzerland, is made up of files provided to partners and customers by chip maker Intel under non-disclosure agreement (NDA), and includes source code, development and debugging tools and schematics, tools and firmware for the company’s unreleased Tiger Lake platform.


In a now-deleted post, the alleged source of the leak said: “They have a service hosted online by Akamai CDN that wasn’t properly secure. After an internet-wide nmap scan I found my target port open and went through a list of 370 possible servers based on details that nmap provided with an NSE script.

“The folders were just lying open and I could just guess the name of one. Then when you were in the folder you could go back to the root and just click into the other folders that you do not know the name of.

[Image: The Intel leak explained in a (now deleted) post by the alleged perpetrator]

“Best of all, due to another misconfiguration, I could masquerade as any of their employees or make my own user.”

The source added that although many of the zip files in the folder were password-protected, “most of them [have] the password Intel123 or a lowercase intel123.”

Kottman expects the data dump will be the first in a series of leaks from Intel.

“Unless I am misunderstanding my source, I can now tell you that the future parts of this leak will have even juicier and more classified stuff,” he said on Twitter.

A spokesperson for Intel said the chipmaker is investigating the leak, but declined to comment on the claims about the misconfigured server and weak passwords.

She said: “The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access.

“We believe that an individual with access downloaded and shared this data.”

The incident is a stark reminder, if any were needed, that proactively mimicking such techniques used by hackers is important to enterprise security, whether that is through regular Purple Teaming or other approaches.

Recent security guidance from the NSA (focussed on OT environments, but applicable across many IT environments too) noted that best practices include:

  • Fully patching all internet-accessible systems.
  • Segmenting networks to protect workstations from direct exposure to the internet. Implement secure network architectures utilizing demilitarized zones (DMZs), firewalls, jump servers, and/or one-way communication diodes.
  • Ensure all communications to remote devices use a virtual private network (VPN) with strong encryption further secured with multifactor authentication.
  • Check and validate the legitimate business need for such access.
  • Filter network traffic to only allow IP addresses that are known to need access, and use geo-blocking where appropriate.
  • Connect workstations to network intrusion detection systems where feasible.
  • Capture and review access logs from these systems.
  • Encrypt network traffic to prevent sniffing and person-in-the-middle tactics.

See also: National Security Agency: Assume Your OT Control System Will Get Turned Against You