A new report states that Intel CEO Brian Krzanich sold $24 million in stocks in November shortly after the company was made aware of a massive vulnerability in the computing giant’s processors.
Business Insider reports that the CEO of Intel, Brian Krzanich, sold $24 million in stocks and options in November after Intel was informed by Google of a security vulnerability in almost all CPUs, including Intel’s products. The recently revealed vulnerability could give hackers access to users’ passwords, financial data, browsing history and many other records stored on their computers, resulting in panic amongst operating system developers, who are quickly working to patch the bug. While the vulnerability was made public recently, tech companies were made aware of the issue months ago. According to an Intel representative, Google informed Intel of the vulnerability in June 2017.
This allegedly means that Intel CEO Brian Krzanich was aware of the vulnerability when he sold approximately $24 million in stocks and options in November. The sudden sale was considered quite odd as it left Krzanich with only 250,000 shares of Intel stock, the minimum amount that Intel requires Krzanich to hold as part of his employment agreement. An Intel representative claims that Krzanich’s sale had nothing to do with the new vulnerability and was pre-planned, but that plan of sale was only entered on October 30th, after Intel was informed of the CPU bug. “Brian’s sale is unrelated,” the representative said in a statement to Business Insider, stating that Krzanich “continues to hold shares in line with corporate guidelines.”
The CPU-targeting bugs were discovered by Jann Horn, a security researcher with Google Project Zero, Google’s digital security team. The details of the bugs, named Meltdown and Spectre, were to be revealed next week, but Google decided to publish the details immediately, “because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation.” According to Horn, the issue with the CPU is a hardware one which will require firmware updates to be issued by CPU vendors and software fixes from both operating system and application manufacturers.
Google described the two exploits as follows:
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.
The Meltdown bug was given that codename because, according to Google, “the bug basically melts security boundaries which are normally enforced by the hardware.” Google stated that the Spectre codename “is based on the root cause, speculative execution. As it is not easy to fix, it will haunt us for quite some time.” Google added, “Spectre is harder to exploit than Meltdown, but it is also harder to mitigate.”
Currently, detecting attacks using the exploit is extremely hard: “the exploitation does not leave any traces in traditional log files,” said Google. They did note that antivirus software should, in theory, be able to detect and prevent attacks. Google currently believes that Meltdown potentially affects “every Intel processor which implements out-of-order execution,” which is “effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013).”
Some companies have begun issuing bug fixes; a list of them can be found here.
Microsoft has recommended all Windows users take the following actions:
- Verify you are running a supported antivirus (AV) application before installing OS or firmware updates. Check with your antivirus software vendor for compatibility information.
- Apply all available Windows operating system updates including the January 2018 Windows security updates.
- Apply the applicable firmware update provided by your device manufacturer.