The Register: Scumbag puts ‘stolen’ Nokia source code, SSH and RSA keys, more up for sale

Source URL: https://www.theregister.com/2024/11/06/nokia_data_theft/
Source: The Register

Feedly Summary: Data pinched from pwned outside supplier, thief says
IntelBroker, a notorious peddler of stolen data, claims to have pilfered source code, private keys, and other sensitive materials belonging to Nokia.…

Summary: The reported incident involving IntelBroker and the theft of Nokia’s source code and sensitive materials raises critical issues surrounding third-party access and supply chain security. This incident highlights the vulnerabilities associated with trusting external contractors in the software development process.

Detailed Description: The recent claims by IntelBroker, known for trading stolen data, about having acquired sensitive materials from Nokia, underscore significant security implications for companies relying on third-party vendors. Major points include:

– **Nature of the Breach**: IntelBroker has allegedly stolen and is attempting to sell Nokia’s source code, private keys, and credentials from a third-party supplier that worked with Nokia. These items include:
  – Source code files, mainly in JavaScript, JSON, and PHP.
  – SSH keys and RSA keys.
  – Credentials from various accounts, including SMTP accounts and Bitbucket logins.

– **Collaboration with Another User**: The breach involved coordination between IntelBroker and another individual identified as EnergyWeaponUser, indicating organized cybercriminal activity.

– **Concerns Raised**: Jim Routh, a cybersecurity executive, pointed out the unusual aspects of the breach, raising questions about:
  – Why a third-party contractor had access to Nokia’s source code.
  – Potential vulnerabilities in the software supply chain due to reliance on third parties for development processes.

– **Past Activity**: This incident isn’t isolated; IntelBroker and EnergyWeaponUser previously claimed responsibility for breaching Cisco, indicating a pattern of targeting significant organizations.

– **Marketplace Dynamics**: The breach was advertised on Breachforums, a platform notorious for the sale of stolen data, which remains active despite law enforcement attempts to shut it down. This exemplifies the ongoing challenges in combating cybercrime in dark web marketplaces.

– **Next Steps for Nokia**: Nokia has recognized the potential severity of this breach and is investigating the claims to assess if a genuine security intrusion has occurred.

This incident serves as a cautionary tale for organizations regarding the importance of restricted access and comprehensive security measures when engaging with third-party vendors to protect sensitive data and maintain overall information security.