Executive Summary

While the proposed U.S. ban of the social media app TikTok may seem novel, its actually just the most recent high-profile incident in a string of cases of countries banning products or services over alleged cybersecurity concerns. The authors have studied more than 75 such events involving more than 31 countries going back almost 20 years. They suggest that the current trend should worry any business with an international scope, and suggest thatbusiness executives need to not only follow the best practices to improve the cybersecurity of their digital product and services, they must also prepare for political risks. Managers, as well as consumers, may encounter extreme disruptions to international trade.

Earlier this summer, the U.S. government announced it was considering banning Chinese social media apps, including the popular app TikTok. In August, President Trump signed two executive orders to block transactions with ByteDance, TikToks parent company, and Tencent, which owns the popular messaging service and commercial platform WeChat, andanother executive orderrequiring ByteDanceto sell or spin off its U.S. TikTok business within 90 days, as well as to destroy all its copies of TikTok data attached to U.S. users. As companies including Microsoft, Walmart, and Oracle have expressed interest in buying the app,TikTok is suing the U.S. government, accusing the Trump administration of depriving it of due process.

The proposed ban, according to the Trump administration, is intended to safeguard the privacy of U.S. citizens and shield data about them and government officials from the Chinese government. Trumps August 6 executive order claims TikTok could allow China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage. But, is TikTok really a threat? And if it is, what are the possible consequences of these actions by the U.S.?

As researchers who have studied similar bans on technologies, we believe that this chain of events could have sweeping impacts on the business community, which will likely not be confined to the tech sector.

If data collection by a company with overseas connections comprises a threat, there are threats all around. The data that TikTok collects pales in comparison to, say, what most American tech companies (as well as banks, credit agencies, and hotels) collect, both visibly and less so. Many institutions that collect sensitive data have already been hacked it is estimated that there is a cyber attack every 39 seconds and much of that information is for sale on the Dark Web. If the Chinese government wanted the kind of information TikTok could collect, it could be obtained in many other ways.

What will likely prove a more pressing threat to U.S. customers is much more low-tech: Setting a precedent of banning everyday technologies could quickly spiral out of control and seriously disrupt almost all international trade.

While the case against TikTok may seem novel, its actually just the most recent high-profile incident in a string of cases of countries banning products or services over alleged cybersecurity concerns. In our research, we have studied more than 75 such events involving more than 31 countries going back almost 20 years, though most occurred in the past five years. For example, in 2017, Germany bannedMy Friend Carly a doll from the U.S. that you could talk to you because the conversation was processed by servers in the U.S. In 2016, Russia blocked access to LinkedIn, stating that LinkedIn refused to store personal data of Russian users in Russia. In 2017 U.S. blocked the Russian security company Kaspersky over its alleged ties to the Russian government.

These cases build on a trend of high-profile bans, such as when China blocked Facebook, Twitter, and Google (2009), and when BlackBerry was banned or threatened with a ban in India, Pakistan, Saudi Arabia, and United Arab Emirates (2010).

Because any product that contains a computer or service that uses a computer nowadays just about everything can introduce cybersecurity risks, the frequency and impact of these events is increasing. (My electronic toothbrush has a computer in it and is connected to the Internet.) Examining the millions of lines of software or firmware in these products and services is not currently feasible, therefore decisions are made based on the perceived risks, which can be impacted by factors such as trust and capability to manage cybersecurity risks. There have been restrictions imposed on products and services as diverse as: medical devices, videoconference services, software products, security software, social media, security cameras, banking IT systems, drones, smartphones, smart toys, online content services, satellite communications, AI software, and financial services such as international fund transfers and payment systems.

According to the Organization for Economic Cooperation and Developments Digital Trade Service Restrictiveness Index, 13 of the 46 majority economies have increased their digital trade restrictions between 2014 and 2019, while only four countries reduced their restrictions.

In general, there are four strategies for managing risks: accept, avoid, mitigate, and transfer. There aremany practical options that countries and companies can adopt to manage cybersecurity risks from cross-border digital products/services. Unfortunately, banning products is becoming increasingly common and doesnt appear to be a particularly sustainable strategy.

The proposed ban reinforces a growing belief that America is no longer the leading guarantor of global business, but rather a potential threat to it a notion that is profoundly reshaping the world economy and threatening American businesses. TikTok and WeChat both have massive user bases (800 million and close to 1.2 billion, respectively). Removing WeChat from the Apple Store could cause Apples iPhone sales to fall by around 30% according to one prominent analyst. In an August call with White House officials, more than a dozen major U.S. multinational companies raised concerns that banning WeChat could undermine their competitiveness in the Chinese market.

The second-order cost of sabotaging the international business environment with these policies could be much higher:86% of companies in the U.S.-China Business Council have reported experiencing negative impacts on their business with China. The biggest impact was lost sales because customers shift their suppliers or sourcing due to uncertainty of continued supply. Companies worried about a U.S. ban may just initiate aDe-Americanization plan to remove or replace U.S. components in their products and supply chains. For example, in February 2019, WorldFirst, a U.K-based international money transfer service that many big Amazon sellers relied on, closed its U.S. business as a precursor to its acquisition by Chinese-based Ant Financial. This was considered the only way to avoid U.S. regulators blocking the deal over national security concerns. On the other hand, the Chinese company Hikvision found alternatives to most of its U.S. components so that being added to the U.S. trade blacklist had a limited impact on its business.

Business executives need to realize that in addition to following the best practices to reduce the perceived cybersecurity risks from their digital product/services, preparing for political risks is also necessary. TikTok implemented several practices to mitigate the risks, including: storing U.S. user data in the U.S. and backing it up on Singaporean servers, blocking access to its data from its mother company ByteDance, hiring an American CEO and operations team, beefing up its lobbying team, withdrawing from Hong Kong based on the concerns over Chinas new national security law, launching a transparency center for moderation and data practices in Los Angeles, banning political and advocacy advertising from its platform, and setting up a global headquarters outside of China. TikTok and its employees are preparing to battle the ban in separate lawsuits.

Though these practices have not yet helped TikTok to void the ban, they will probably be major arguments in its lawsuit against the U.S. Furthermore, these practices may be important directions that all companies might need to follow for doing international business in the new normal to address concerns over cybersecurity risks.

In reality, banning is more likely to increase not reduce risk, because it builds up distrustamong countries and companies. Other countries may retaliate by banning U.S. companies and the situation could rapidly spiral.

In recent years, governments have tried to increase their ability to access the data contained on these devices and services. For example, WhatsApp advertises that it secures your conversations with end-to-end encryption, which means your messages and status updates stay between you and the people you choose. But, several times, most recently in October 2019, the U.S., UK and Australia have applied pressure on Facebook to create backdoors that would allow access to encrypted message content. So far, Facebook and WhatsApp have refused. If such backdoors are allowed and become commonplace, then every Internet-connected device will essentially be a spy device and likely be banned by every other country.

The abuse of national security threat is snowballing and leading to an escalating trade war that could disrupt world trade. We saw a similar situation caused by the Smoot-Hawley Tariffs in the 1930s. The goal was to protect U.S. farmers and other industries that were suffering during the Great Depression by raising tariffs and discouraging import of products from other countries. But, not surprisingly, almost all of the U.S. trade partners retaliated and raised their tariffs. That resulted in U.S. imports decreasing 66%and exports decreasing 61% making the Great Depression much greater. In general, there are rarely winners in trade wars, and probably not in cyber trade wars.

Acknowledgement: This research was supported, in part, by funds from the members of the Cybersecurity at MIT Sloan (CAMS) consortium and the MIT Internet Research Policy Initiative. Both authors contributed equally.

More:
The TikTok Ban Should Worry Every Company - Harvard Business Review

Vince Lombardi, the famous football coach, used to start his training camp each season with a talk about doing the basics. Hed tell the players that they start with the basics, then hed take a football and hold it up and tell them, This is a football. In football, as in life and IT Security, starting with the basics is the most important step you can take. Dont assume anything.

So, let us begin with the basics.

CIS is the Center for Internet Security. In Tripwire terms, what does CIS mean?

There are two kinds of CIS used by Tripwire:

The CIS Top 20 Critical Security Controls give you a set of steps. Start from the top, and work your down the list, adding layers of security along the way. They start with the basics. Knowing what is changing in your environment and how things are configured are two very basic parts of the 20 Controls.

The CIS recommendations for how to securely configure assets is used by Tripwire to guide you in terms of how to configure various software packages in a secure way.

For instance:

Each OS and application has configuration settings like Login Success and Failure that have (Read more...)

Follow this link:
The Center for Internet Security (CIS) Use Cases and Cost Justification - Security Boulevard

Editors Note: This is the third article in a series on Sino-Russian defense cooperation organized by the Center for a New American Security. Be sure to read to the first and second articles in the series.

Beijing and Moscow have long wanted to control their domestic internets. Now they are working together to remake global cyberspace in their own image. The two launch widespread cyber operations that threaten U.S. interests, and they want to reshape the internet to reduce U.S. influence. Chinese hackers have mounted a long campaign to steal intellectual property, as well as military and political secrets, and are a growing threat to U.S. critical infrastructure. Russian hackers pose the threat of cyber espionage, influence operations, and attacks on the infrastructure of the United States and its allies. Moreover, China and Russia have over the past five years worked together to tighten controls on their domestic internet and promoted the idea of cyber sovereignty to diminish U.S. sway over the global governance of cyberspace.

Over the next decade, China and Russia are likely to continue close technical and diplomatic cooperation. Beijing now appears more willing to adopt information operations techniques historically associated with Russian actors to shape the narrative on the responsibility for and response to the COVID-19 pandemic, but the two sides are unlikely to coordinate on offensive cyber operations. To counter these efforts, policymakers should revitalize U.S. cyber diplomacy, providing an alternative framing to cyber sovereignty and building a coalition of like-minded partners to define and enforce norms of behavior in cyberspace.

Drivers of Cooperation

Both Moscow and Beijing perceive the open internet as a threat to domestic stability and regime legitimacy. The United States and its allies stress cyber security with a focus on the confidentiality, integrity, and assurance of data. In contrast, Russia, China, and their partners prefer the term information security, which includes not only protecting data but also controlling content and communication tools that may threaten regime stability. The International Code of Conduct for Information Security, for example, which representatives of China, Russia, Tajikistan, and Uzbekistanproposed to the U.N. secretary-general in 2011 and 2015, calls on states to curb the dissemination of information which incites terrorism, secessionism, extremism, or undermines other countries political, economic and social stability.

From the Clinton through the Trump administrations, the United States has pushed, with varying degrees of attention from senior decision-makers, a set of ideas and policies that became known as the internet freedom agenda. Washington argued that information should flow freely across the web and that people had the same rights online as they did off. U.S. policymakers argued that the open internet would drive innovation and economic growth. In support of these ideas, the United States funded the training of activists and the development of circumvention and anti-censorship software. Chinese and Russian analysts warned of hostile foreign powers using the internet for ideological subversion and to promote color revolutions. In opposition to this idea of cyberspace as an open, global platform, Chinese and Russian officials pushed the idea of cyber sovereignty and the right of all states to regulate the internet based on national interests.

In addition, while Washington has promoted a multi-stakeholder approach to internet governance driven by the private sector and technical experts, Moscow and Beijing have pushed a more democratic governance located at the United Nations. A multilateral approach located at the United Nations would prioritize the interests of governments over those of technology companies and civil society groups. It would also allow China and Russia to mobilize the votes of developing countries, many of which would also like to control the internet and the free flow of information.

Bilateral Cooperation

In 2015, Chinese President Xi Jinping and Russian President Vladimir Putin signed an agreement on cooperation in ensuring international information security. While the Western press reported that the two sides had signed a nonaggression pact, it is more realistic to see the agreement as reflecting China and Russias shared threat perceptions. It also provided a framework for future cooperation on internet control (and did not, in fact, stop Moscow and Russia from hacking each other).

The agreement contains a long list of threats to domestic stability, and in the years after its signing, the majority of exchanges appear to be designed to share technologies, information, and processes on the control of the internet. In June 2019, for example, a Chinese delegation participated in the Russian International Conference on Information Security and discussed Russias network disconnection exercises. A month later a delegation from the Cyberspace Administration of China traveled to Moscow and met with Roscomnadzor, Russias federal executive body responsible for censorship in media and telecommunications; Yandex, the Russian internet giant; and Kaspersky Lab.

Over these years, Moscow has introduced a series of more internet-restrictive laws. Anti-terrorist legislation, known as the Yarovaya Law, required internet service providers, cellphone operators, and search engines and other web services to store all Russian traffic, including all private chat rooms, emails, and social network posts, for as long as six months at their own expense as of July 1, 2018. The Chinese telecom giant Huawei reportedly held talks with Bulat, the Russian telecom equipment manufacturer, to provide hardware to assist with storage. The Sovereign Internet Law, which came into force in November 2019, gives Russian authorities the ability to control data traffic and in theory shut Russias internet off from the rest of the world. The law requires telecom operators to install certain hardware, software, and Russian-origin equipment provided by Roscomnadzor to counter cyber threats, including deep packet inspection equipment, and helps create an internet infrastructure that looks more similar to Chinas.

There has also been growing cooperation between Russia and China on 5G, the next generation of telecommunications networks. As Huawei has faced resistance in the United States, Australia, and some European countries, it has expanded its operations in Russia, growing research and development operations and signing cooperative agreements with Russian universities. Huawei signed a deal with telecom company MTS to develop 5G networks, and the two launched a 5G test zone in Moscow in October 2019. The company expects to quadruple its research and development personnel in Russia by 2024, bringing the total to 2,000 engineers. Huawei has also reportedly advertised to recruit engineers experienced in offensive skills such as vulnerability exploitation and penetration testing.

International Norms

The 2015 bilateral agreement on cyberspace called for China and Russia to enhance cooperation and coordination on international information security. The two sides have promoted cyber sovereignty through the United Nations, International Telecommunications Union, Shanghai Cooperation Organization, and the BRICS group (Brazil, Russia, India, China, and South Africa).

Cooperation at the United Nations is important to both partners. A great deal of the action has occurred in the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security. Established in 2004, the group has convened five times since and has identified some shared norms for responsible behavior of states in cyberspace.

The United States hoped to use the 2016 to 2017 Group of Governmental Experts meeting to discuss specific applications of international law to cyberspace as well as the development of confidence building measures, not the identification of new norms. The group, however, failed to issue a consensus report, and divisions over the question of the applicability of the law of countermeasures and the inherent right of self-defense proved especially contentious. The Cuban representative publicly opposed these measures, arguing that they would lead to a militarization of cyberspace that would legitimize unilateral punitive force actions. As Elaine Korzak argues, it is safe to assume that Russia and China shared this position (and perhaps promoted via Cuba) since they both have maintained similar views in the past.

In December 2019, member states approved a Russian-backed resolution that established a committee of experts to consider a new U.N. cyber crime treaty. Russia has long wanted to replace the Council of Europes Budapest Convention. The convention is the one international agreement subject to human rights safeguards that criminalizes computer crimes and prohibits illegal access, system interference, and intellectual property theft. Although 64 countries have now signed the treaty, including Argentina, Australia, Japan, Turkey, and the United States, Moscow has consistently argued that the convention is only a regional agreement. Russia has also claimed that it violates principles of state sovereignty and noninterference. In the run-up to the vote, U.S. officials warned that the proposal was an opportunity for Russia, China, and others to create U.N.-approved standards for controlling the flow of information, but large democracies such as Nigeria and India have found Moscow and Chinas arguments on the need to fight cyber crime and terrorism convincing.

Constraints

Despite shared threat perception and interests, there are limits to how closely the two sides will cooperate. Beijing and Moscow are likely to remain wary of the others cyber capabilities, and, given the strong connection of cyber capabilities to each countrys respective intelligence services, it is unlikely that the two sides would share offensive capabilities. This lack of exchange of offensive techniques seems to be mirrored by criminal and non-state hacking groups as well. Cyber security firms report little interchange or cooperation between Russian and Chinese criminal hackers. Defense will remain the primary focus of cooperation of the two sides.

Moreover, some of the defense will be directed at the other, despite the nonaggression pact. The public reporting from cyber security companies suggests that the two sides have continued hacking each other after signing the 2015 agreement. The Russian cyber security firm Kaspersky Lab, for example, saw Chinese hacking cases of Russian industries, including defense, nuclear, and aviation, nearly triple to 194 in the first seven months of 2016, from 72 in the whole of 2015.

Russia is also wary of the intelligence risks that dependence on Huawei equipment entails. The Russian leadership knows that it will bring vulnerabilities, but it hopes the partnership will speed the deployment of 5G in the country and tie Russian companies into Huaweis supply chain. Similarly, Huaweis buildout of 5G networks in Central Asia and Eastern Europe is likely to bring these areas under Beijings technological influence and cause tension with Moscow.

The long-term issue for Moscow is the technological asymmetry with China, especially in commercial information and communication technologies. There are no Russian companies with the global reach of the big Chinese firms, and these firms will help shape global technology developments and provide intelligence benefits to Beijing, not Moscow.

U.S. Policy Response

China and Russia are likely to continue to strengthen their technical exchanges on the control of the internet over the next five years. Recent diplomatic success at the United Nations will provide the base for future joint efforts to promote cyber sovereignty. Given the increasing complexity of operations in joint military exercises such as Tsentr, the Chinese and Russian militaries may also eventually engage in joint defensive cyber exercises.

In addition, Russian and Chinese information operations appear to be learning from each other. Previous Chinese online disinformation campaigns were focused on Hong Kong and Taiwan, political struggles the Chinese leadership considers internal issues. With the novel coronavirus pandemic, Chinese diplomats and state media accounts have become more divisive. They have linked to conspiracy websites arguing that the United States was the real source of COVID-19, and this messaging has been amplified by bots and fake accounts. Unnamed U.S. officials also told The New York Times that Chinese actors sent text messages warning of a lockdown designed to create panic, rather than spread pro-Beijing propaganda.

The United States has long argued that an open, global internet serves its political, economic, and diplomatic interests. Russian and Chinese cyber cooperation reinforces and accelerates the splintering of cyberspace into more controlled, national internets. To be sure, Moscow and Beijing are not the sole sources of fragmentation. Many countries are looking to data localization, filtering, and online content moderation to exert sovereignty over cyberspace. But their collaboration, and their increasing ability to use the United Nations to promote cyber sovereignty, provides diplomatic and political support to states that want to control and restrict online information. In addition, their technical cooperation demonstrates what is possible with filtering, blocking, and censorship. The Chinese in particular have been exporting the model through investment, business deals, and training local officials.

The United States does not have an obvious response on the technical side. Russias partnership with Huawei is in part driven by the breakdown of relations, and U.S. and E.U. economic sanctions on Russian companies. With those remaining in place, there is little alternative the United States can offer. There is the additional constraint, clearly demonstrated in Washingtons ineffective efforts to convince European friends and allies not to use Huawei for 5G networks, that the United States does not have an equipment manufacturer to compete with the Chinese telecom.

U.S. efforts should be focused on combating Chinese and Russian efforts to promote cyber sovereignty through the United Nations and other international organizations. This would require a rethinking of the U.S. internet freedom agenda and a re-engagement with international organizations. In the wake of the interference in the 2016 election, the United States and its allies have increasingly called for online content moderation and other controls on disinformation. While Washington might stress that these processes occur transparently and through the rule of law, they do not look dissimilar to Chinese and Russian calls for cyber sovereignty to third countries that face similar pressures.

There are tools Washington can rely on, though the State Department needs support. Former Secretary of State Rex Tillerson shut down the Office of the Coordinator for Cyber Issues, and then, a little before he was fired by the president, recommended the creation of a cyber bureau with an assistant secretary for cyberspace and digital economy. The Senate Foreign Relations Committee has supported the same idea through the Cyber Diplomacy Act. Even if a bureau is not created, cyber issues need more attention and resources from the top.

One forum worth engaging is the Freedom Online Coalition, a partnership of 30 governments that continues to meet and issue statements in support of an open internet. In addition, Congress remains engaged in the issue and in 2018 voted for $50 million in anti-censorship technology and other programs. The United States has been essentially reactive to Chinese and Russian efforts at the United Nations, warning others of the negative impact but providing no real alternative to countries seeking a response to online threats. Washington, along with its friends and allies, will not only have to promote new avenues of coordination and collaboration, but also have to contribute significant resources to capacity building. Any new strategy will, however, require acknowledging the link between U.S. domestic efforts to regulate content and cyber diplomacy. Washington should have a coherent argument for what it is trying to accomplish at home before it convinces others to fight for a free, open, and global internet.

Adam Segal is the Ira A. Lipman chair in emerging technologies and national security and director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations. His most recent book, The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age, describes the increasingly contentious geopolitics of cyberspace.

Image: Russian Ministry of Defence

Read the original:
Peering into the Future of Sino-Russian Cyber Security Cooperation - War on the Rocks

The one thing my students all invariably know about China is that you cant use Facebook there, or YouTube or Google. For at least a decade, China has maintained strict control over the internet and aggressively blocked foreign tech platforms within its borders.

So when President Trump issued two executive orders Thursday night that all but ban two Chinese social media networks the video app TikTok and the messaging app WeChat from operating in the United States, citing national security concerns, the decision seemed straight out of Chinas own playbook.

The executive orders and Microsofts interest in buying TikToks American business echo what happened in 2017, when Chinas cybersecurity law went into effect and required foreign companies to store data about Chinese customers within China. Some American companies, including Amazon, had to sell the hardware components of their cloud computing services in China to Chinese companies in order to continue operating there.

The United States governments approach to cybersecurity is now looking more and more like Chinas. If that meant only limiting access to humorous video apps then it would be merely unfortunate. But its a deeply misguided and unproductive way to try to secure data and computer networks one that relies on the profoundly untrue assumption that data stored within a countrys own borders is more secure than data stored in other places.

No one knows better than the United States government that the data kept within its borders is highly vulnerable to Chinese cyberespionage. In 2015, Chinese hackers stole personal information belonging to more than 21 million people from the federal governments Office of Personnel Management. In 2017, members of the Chinese military managed to steal records belonging to 145 million Americans from the U.S. credit bureau Equifax, according to charges filed by the Department of Justice earlier this year.

Any number of lessons could be drawn from these incidents, including the importance of vetting outside vendors and the need to carefully monitor outbound data. But deciding that information is more secure because it is collected and stored by American companies is precisely the wrong conclusion.

In January, the Department of Defense announced that military personnel would be required to remove TikTok from their government-issued smartphones. Even absent any evidence that ByteDance was sharing data with the Chinese government, that decision made sense for smartphones that were being used by military officers given the sensitive nature of their work. But for the government to expand that ban to the phones of civilians in the United States, it needs to show some clearer indication that the app poses a real risk to its users. Otherwise, this just looks like an anti-competitive decision made to disadvantage a Chinese tech firm in the name of strengthening security.

Its not clear whether the Trump administration regards either TikToks or WeChats data, or their parent companies, as particularly pernicious or dangerous, but it has not released any evidence that these companies are distributing compromised software to their users via the apps or sharing any data about their American customers with the Chinese government.

But make no mistake: the presidents executive orders are not about cybersecurity they are a retaliatory jab in the ongoing tensions between China and the United States. In fact, the bans greatest impact will probably not be on the bottom lines of TikTok and WeChats parent companies, but instead on promoting a fundamentally Chinese view of internet security.

For years, the American government has championed the idea of an open and global internet, in which the same online content and services are available worldwide, regardless of where users live. Tech companies could operate internationally, moving data freely between their data centers across the globe. But if the government now believes that the only safe data and computer networks are within its own borders as the animus toward TikTok and WeChat suggests then, like China, the United States fundamentally does not believe in a global internet. Thats a terrible mistake for a country whose tech industry depends heavily on companies that do business all over the world. Its also a mistake from a security perspective.

To protect Americans data, the federal government needs to set clearer and more rigorous standards for how that data is protected and what the consequences are for failing to meet those standards. By pretending that restricting the use of TikTok and WeChat could possibly serve the same or even a similar purpose, the government is failing to engage with the hard questions around liability for cybersecurity breaches. Instead, it is buying into Chinas belief that the only way to secure the internet is to keep international influences and services offline.

The Times is committed to publishing a diversity of letters to the editor. Wed like to hear what you think about this or any of our articles. Here are some tips. And heres our email: letters@nytimes.com.

Follow The New York Times Opinion section on Facebook, Twitter (@NYTopinion) and Instagram.

More:
So What Does Trump Have Against TikTok? - The New York Times

Bottom line: It'll take some time for researchers to comb through the data dump and determine just how harmful the information could be on the open market. But perhaps the company's bigger concern is what could be lying in wait.

Intel has reportedly suffered a massive data breach that, according to the anonymous source of the material, is the first of several planned intellectual releases to come.

The first batch of data, a 20GB collection of internal documents, debugging tools and BIOS code, was initially shared on Twitter by Till Kottmann, a Swiss software engineer with a history of sharing leaked data from major tech companies. Kottman said an the anonymous source nabbed the data by hacking Intel earlier this year.

Intel has issued the following statement to the press regarding the matter.

We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.

ZDNet reviewed the contents of the leak with security researchers, who deemed the material authentic. According to Kottmann, the dump includes:

Regardless of how the data was obtained, its not a good look for Intel. Perhaps even more worrisome is the possibility that this is the first of several more leaks to come.

Masthead credit: Sundry Photography

See the original post here:
Someone just dumped 20GB of internal Intel data on the Internet - TechSpot