Article Details

Scumbag puts 'stolen' Nokia source code, SSH and RSA keys, more up for sale. Data pinched from pwned outside supplier, thief says. IntelBroker, a notorious peddler of stolen data, claims to have pilfered source code, private keys, and other sensitive materials belonging to Nokia. In a post on cyber-crime message board Breachforums this week, IntelBroker put up for sale what's said to be the Finnish network equipment maker's source code, SSH keys, RSA keys, Bitbucket logins, details or contents of SMTP accounts, and credentials, among other things. We're told the miscreant joined forces with someone called EnergyWeaponUser to pull off the heist, and that the info was allegedly taken from a third-party supplier used by Nokia. "Today, I am selling a large collection of Nokia source code, which we got from a 3rd party contractor that directly worked with Nokia to help aid their development of some internal tools," the post states. Based on sample data offered as evidence of the security breach, the haul includes a lot of JavaScript, JSON, and PHP files. The juicy stuff is apparently being reserved for a buyer, and the seller says they will only accept offers from serious purchasers who are credentialed on the forum. Nokia is understood to be investigating the boasts to see if a serious intrusion has taken place. The Finnish business had no comment at the time of publication. "The reported security breach potentially involving Nokia’s source code and credential information represents a bit of a head-scratcher given that it appears to be another case of third party credentials for access to the software supply chain were compromised," said Jim Routh, chief trust officer at cybersecurity company Saviynt. "The head-scratching comes from why a third party has access to Nokia source code? Perhaps the third party was a software engineer contributing to the software build process." It's the second claimed score in the space of a month for IntelBroker and EnergyWeaponUser. In October, the duo claimed to have broken into Cisco for a large data haul - Switchzilla is still checking the veracity of that bragging. The alleged Nokia cyber-smash-and-grab is just one of many made on the Breachforums marketplace, which is or has been available via the dark web and surface web. Despite the best efforts of law enforcement to shutter the site in May, it was back within weeks.