Scumbag puts 'stolen' Nokia source code, SSH and RSA keys, more up for sale

Data pinched from pwned outside supplier, thief claims

IntelBroker, a notorious peddler of stolen data, claims to have pilfered source code, private keys, and other sensitive materials belonging to Nokia.

In a post on cyber crime message board Breachforums this week, IntelBroker put up for sale what's claimed to be the Finnish network equipment maker's source code, SSH keys, RSA keys, Bitbucket logins, details or contents of SMTP accounts, and credentials, among other things.

We're told the miscreant joined forces with someone called EnergyWeaponUser to pull off the heist, and that the info was allegedly taken from a third-party supplier used by Nokia.

"Today, I am selling a large collection of Nokia source code, which we got from a third party contractor that directly worked with Nokia to help aid [its] development of some internal tools," the post states.

Based on a list of supposedly pinched files offered as evidence of the security breach, the haul includes a lot of JavaScript, JSON, and PHP documents. The juicy stuff is apparently being reserved for a buyer – the seller claims they will only accept offers from serious purchasers who are credentialed on the forum.

Nokia is understood to be investigating the boasts to see if a serious intrusion has taken place. The Finnish business had no comment at the time of publication.

"The reported security breach potentially involving Nokia's source code and credential information represents a bit of a head-scratcher given that it appears to be another case [where] third party credentials for access to the software supply chain were compromised," observed Jim Routh, chief trust officer at cyber security shop Saviynt.

"The head-scratching comes from why a third party has access to Nokia source code? Perhaps the third party was a software engineer contributing to the software build process."

It's the second claimed score in the space of a month for IntelBroker and EnergyWeaponUser. In October, the duo claimed to have broken into Cisco for a large data haul – Switchzilla is still checking the veracity of that brag.

The alleged Nokia cyber-smash-and-grab is just one of many made on the Breachforums marketplace, which is – or has been – available via the dark web and surface web. Despite the best efforts of law enforcement to shutter the site in May, it was back within weeks. ®

More about

TIP US OFF

Send us news


Other stories you might like