Attacker Cites Exposed Akamai Server and “intel123” Password


Intel: “We believe an individual with access downloaded and shared this data”

A misconfigured Akamai CDN (content delivery network) server and files with the password “intel123” have been pinpointed as the clear cause of a significant leak from Intel which has seen 20GB of source code, schematics and other sensitive information published online.

The leak, posted last night by Tillie Kottman, an IT consultant based in Switzerland, contains files provided to partners and customers by chip maker Intel under non-disclosure agreement (NDA), and includes source code, development and debugging tools and schematics, tools and firmware for the company’s unreleased Tiger Lake platform.


In a now-deleted post, the alleged source of the leak said: “They have a service hosted online by Akamai CDN that was not properly secure. After an internet-wide nmap scan I found my target port open and went through a list of 370 possible servers based on details that nmap provided with an NSE script.

“The folders were just lying open and I could just guess the name of one. Then when you were in the folder you could go back to the root and just click into the other folders that you don’t know the name of.

The Intel leak described in a (now deleted) post by the alleged perpetrator

“Best of all, due to another misconfiguration, I could masquerade as any of their employees or make my own user.”

The source added that while many of the zip files in the folder were password-protected, “most of them [have] the password Intel123 or a lowercase intel123.”

Kottman expects the data dump will be the first in a series of leaks from Intel.

“Unless I am misunderstanding my source, I can already tell you that the future parts of this leak will have even juicier and more classified stuff,” he said on Twitter.

A spokesperson for Intel said the chipmaker is investigating the leak, but declined to comment on the claims about the misconfigured server and weak passwords.

She said: “The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access.

“We believe an individual with access downloaded and shared this data.”

The incident is a stark reminder, if any were needed, that proactively mimicking these kinds of techniques used by hackers is important to organizational security, whether that is through regular Red Teaming or other approaches.

Recent security guidance from the NSA (focussed on OT environments, but applicable across many IT environments too) noted that best practices include:

  • Fully patching all Internet-accessible systems.
  • Segmenting networks to protect workstations from direct exposure to the internet. Implement secure network architectures utilizing demilitarized zones (DMZs), firewalls, jump servers, and/or one-way communication diodes.
  • Ensure all communications to remote devices use a virtual private network (VPN) with strong encryption further secured with multifactor authentication.
  • Check and validate the legitimate business need for such access.
  • Filter network traffic to only allow IP addresses that are known to need access, and use geo-blocking where appropriate.
  • Connect workstations to network intrusion detection systems where feasible.
  • Capture and review access logs from these systems.
  • Encrypt network traffic to prevent sniffing and man-in-the-middle tactics.
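
As an illustration of the log-review item, the following added example (not from the original article or from Intel, Akamai or the NSA) flags any client that was served the root folder listing plus several other folder listings, the browsing pattern the alleged source described. The log lines, addresses, paths and the `min_dirs` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in common log format; hosts and paths are invented.
SAMPLE_LOG = """\
198.51.100.7 - - [06/Aug/2020:21:02:11 +0000] "GET /docs/partner-a/ HTTP/1.1" 200 812
198.51.100.7 - - [06/Aug/2020:21:02:19 +0000] "GET / HTTP/1.1" 200 1540
198.51.100.7 - - [06/Aug/2020:21:02:25 +0000] "GET /docs/ HTTP/1.1" 200 990
198.51.100.7 - - [06/Aug/2020:21:02:31 +0000] "GET /docs/partner-b/ HTTP/1.1" 200 801
198.51.100.7 - - [06/Aug/2020:21:02:40 +0000] "GET /firmware/ HTTP/1.1" 200 2210
203.0.113.20 - - [06/Aug/2020:21:05:02 +0000] "GET /docs/partner-c/ HTTP/1.1" 200 640
203.0.113.20 - - [06/Aug/2020:21:05:09 +0000] "GET /docs/partner-c/guide.zip HTTP/1.1" 200 48213
192.0.2.44 - - [06/Aug/2020:21:07:30 +0000] "GET / HTTP/1.1" 403 153
192.0.2.44 - - [06/Aug/2020:21:07:33 +0000] "GET /docs/ HTTP/1.1" 403 153
"""

# client address, request path, HTTP status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+" (\d{3}) ')


def directory_walkers(log_text, min_dirs=4):
    """Return {client: sorted folder paths} for clients that were served the
    root listing and at least min_dirs folder paths in total (status 200)."""
    served = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not GET requests in this format
        client, path, status = m.groups()
        path = path.split("?", 1)[0]  # ignore any query string
        # Only successful requests for a folder (trailing slash) count.
        if status == "200" and path.endswith("/"):
            served[client].add(path)
    return {
        client: sorted(dirs)
        for client, dirs in served.items()
        if "/" in dirs and len(dirs) >= min_dirs
    }


if __name__ == "__main__":
    for client, dirs in directory_walkers(SAMPLE_LOG).items():
        print(f"{client} browsed {len(dirs)} folder listings: {', '.join(dirs)}")
```

A registered partner who only opens their own folder and downloads a file is not flagged, and neither is a client whose listing requests were refused with 403.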
