The Good, the Bad and the Ugly in Cybersecurity – Week 32

The Good

If you are under thirty, have already earned the nicknames “Onassis,” “Flagler,” “Socrates,” and “Ecclesiastes,” and are wanted by the US Department of Justice, you have to be some kind of criminal mastermind. Valerian Chiochiu is just that. On Friday, July 31, he pleaded guilty to one count of RICO (Racketeer Influenced and Corrupt Organizations Act) conspiracy.

Eight years ago he joined the criminal syndicate known as “Infraud” and quickly became its technical “guru” on all malware-related matters, instructing other members on how to use malware. He also authored FastPOS, malware built to scrape credit card details from point-of-sale devices.

Infraud’s activities caused an estimated $568 million in losses. In its heyday around 2017, the Infraud Organization had 10,901 registered members and even coined the tagline “In Fraud We Trust”. The ring was taken down in 2018, and Chiochiu is the second of the 36 individuals the DOJ identified as the main conspirators to plead guilty. The DOJ is laudably continuing to bring the perpetrators to justice years after the operation was dismantled.

The Bad

Intel, the world’s largest chip manufacturer, has suffered a major leak: roughly 20 gigabytes of confidential files and intellectual property have been taken and published. Till Kottmann, a Swiss IT consultant, today posted on Twitter a link to a file-sharing service hosting the trove, which contains a large amount of Intel’s internal engineering material.

According to sources, the leak contains the following information:

  • Intel ME Bringup guides + (flash) tooling + samples for various platforms
  • Kaby Lake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
  • Intel CEFDK (Consumer Electronics Firmware Development Kit)
  • Silicon / FSP source code packages for various platforms
  • Various Intel Development and Debugging Tools
  • Simics Simulation for Rocket Lake S and potentially other platforms
  • Binaries for Camera drivers Intel made for SpaceX
  • Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
  • Kaby Lake FDK training videos
  • Intel Trace Hub + decoder files for various Intel ME versions
  • Elkhart Lake Silicon Reference and Platform Sample Code
  • Debug BIOS/TXE builds for various Platforms
  • Bootguard SDK
  • Intel Snowridge / Snowfish Process Simulator ADK
  • Various schematics

Intel’s response: “We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.”

Beyond that statement, it is unclear exactly how the data was obtained, but the implications for Intel and for platform security in general could be profound. Much of the listed material (ME bring-up tooling, FSP and BIOS reference source, debug BIOS/TXE builds, the Bootguard SDK) is exactly what a researcher needs to hunt for bugs in the firmware underpinning every machine built on these platforms, and attackers read leaked source just as carefully as defenders do. Nothing in the published list suggests that Intel’s firmware signing keys were included, so the immediate risk is easier vulnerability discovery rather than forged, validly signed firmware. We’ll be watching closely to see how this one unfolds.

The Ugly

Remember how Twitter was hacked? Law enforcement was swift, identifying and charging three suspects within weeks. The main suspect, recent high school graduate Graham Clark of Tampa, Florida, was arrested last week and pleaded not guilty. The Florida circuit court in Tampa held a bail hearing yesterday on the defense’s request to lower the bail from the original sum of $725,000. As with many court hearings at the moment, it was held on Zoom. Somehow, the basics of preventing zoom-bombing (a waiting room, a meeting passcode, locking the meeting once the parties have joined, and restricting screen sharing to the host) eluded this particular court’s staff. The hearing was interrupted a mere 47 seconds in, first by random participants making comments and then, predictably, by someone streaming pornographic video. The prosecutor’s expression said it all, and he later tweeted about the experience.

The nasty part of the session was recorded and posted on Twitter (definitely not safe for work).

The hearing limped on for another 25 minutes before the judge called it quits. Bail remains at $725,000, and Mr. Clark stays in custody until his next hearing in October. Among the 30 felony counts he faces are 17 counts of communications fraud and 11 counts of fraudulent use of personal information. Hopefully the next hearing will be somewhat better protected.