The conflict between Nvidia and Ransomware Group Lapsus$

Image source: https://www.leiphone.com/category/chips/rBMdYuuNJUPPTvNI.html

What happened at NVIDIA?

NVIDIA, the inventor of the GPU, which creates interactive graphics on laptops, workstations, mobile devices, notebooks, and PCs, announced that it had suffered a cyber-attack on February 25. Some important information was stolen, and the hackers are currently leaking the stolen data on the Internet.

Some people speculated that this attack may be caused by the recent conflict between Ukraine and Russia. However, there’s no evidence to support this inference.

Image source: https://mbd.baidu.com/newspage/data/landingsuper?context=%7B%22nid%22%3A%22news_9678683255107140762%22%7D&n_type=1&p_from=4

Nvidia said in a statement that according to the company’s current investigation, external hackers obtained employee account password information and entered the system. They stole some proprietary confidential information from the company’s system.

Nvidia first discovered the hack on February 23, quickly strengthened its cyber security, then contacted cyber security experts and notified the police. Nvidia’s team analyzed the stolen information, and preliminary estimates showed that the hack will not disrupt the company’s business or ability to serve customers.

Who launched the attack?

Image source: https://www.crn.com/news/security/nvidia-hacks-ransomware-gang-back-to-block-data-leaks-group-claims?itc=refresh

Early Saturday morning, Dark Web intelligence company DarkTracer announced that the ransomware gang Lapsus$ had claimed responsibility for this cyber-attack, leaked what it says was a password hash for Nvidia employees, and noted that the stolen material contained other data, including source code and information related to RTX GPUs. The stolen data is around 1TB in size. Lapsus$ threatened to release the data if its demands, namely an unspecified sum of money, aren’t met.

A person familiar with the matter reported that the hack was part of a so-called “ransomware attack.” In this type of attack, a hacker may install encryption software on the attacked system so that the data cannot be read by the other party, and then the hacker will make a ransom demand to remove the encryption software.

However, Nvidia said that no malware has been deployed on the internal network so far. Instead, the hackers stole vital data outright and set conditions requiring Nvidia to lift restrictions on some graphics card products, restrictions that limit how efficiently the cards can be used to “mine” cryptocurrencies.

What is the consequence?

Nvidia turned down the hackers’ extortion, and the hackers started disclosing the stolen data. Because of Nvidia’s actions, Lapsus$ has announced that it is already shipping unlock codes that can bypass Nvidia’s official LHR (Lite Hash Rate) installed on the GA102 and GA104 chips. The group also claimed that the 1TB of data it stole includes Nvidia’s product drawings, drivers, firmware data, proprietary tools, software developer tools, and more. There’s also “All About Falcon.” Falcon is a special microcontroller architecture found in all of Nvidia’s graphics cards, used in a wide range of functions from program security to memory replication to video decoding.

If the Lapsus$ threat is successful, it means that all Nvidia 3000 series graphics cards can once again perform at 100% mining performance. However, apart from benefiting miners who have installed NVIDIA graphics cards, it is not clear what impact this will have on the future cryptocurrency market and graphics card market. Considering that the upgrade of Ethereum’s proof-of-stake mechanism will be completed in the first half of 2022, any investor who buys NVIDIA graphics cards as mining hardware will not have much time to recoup the cost. Taking into account the virtual prosperity and plummeting volatility of the cryptocurrency market in the past two years, miners with long-term plans may not spend a lot of money on the strength of a hacker organization’s short-lived promises.

Image source: https://www.163.com/dy/article/H1F3PCJJ0511ABV6.html

Conclusion

According to Nvidia’s official reply email, it is impossible to confirm which Nvidia technology was stolen. When the media contacted Nvidia’s internal staff privately, the responses they got were surprisingly consistent with the official statement: the damage was limited and controllable. However, judging from the drama, back-and-forth, and twists and turns of the matter, the impact of the stolen data on Nvidia should not be underestimated. There is no doubt that the cyber attack on Nvidia has taught all companies a lesson. In order to ensure business interests and technological advantages, it is necessary to pay attention to cyber security.



64 Comments

  1. I have an NVIDIA GPU in my laptop and use NVIDIA software on my laptop as well, yet I was unaware that they even got hacked. I am glad to hear that it will not affect their ability to serve their customers, but it is also very concerning to hear that this could have as big an effect as impacting crypto currency. I am not very familiar with crypto currency but I can tell that there could be a great impact on the market from this hack. Considering I use this company’s software and hardware and I was unaware of this hack just means I have to pay more attention to the software I use. I will pay more attention to these types of hacks, especially when it comes to the software or hardware that I use myself.

    1. Great point! Having a better understanding of your graphic card and software provider is always a clever way to make sure that you can properly use your device.

  2. The latest news on this story is that hackers have asked Nvidia to release the source code of their graphics drivers. In a sense if people have access to the source code of their graphics drivers, then people can use the code to improve the performance of their graphics cards. This seems like a good thing, as buyers of Nvidia graphics cards gain the ability to improve the performance of their computers because of the hacker’s request. But it doesn’t seem to do the hacker any good. So the only thing I can think of is that hackers might use vulnerabilities in the graphics card drivers to create more powerful ransomware. So people should be careful with those free benefits.

    1. I think more than anything it is probably a further plot to further abuse the source code of these cards to make modified drivers for mining purposes. It doesn’t seem terribly disruptive to the average consumer at first glance, but it could really upset the cryptocurrency space, should Nvidia comply which, given they didn’t when asked for a sum of money, I doubt they’ll do either. I also don’t doubt that we’ll see more of this as cryptocurrency becomes more and more normalized in our daily lives.

  3. I really liked reading about this. Companies like NVIDIA are common targets for these types of attacks. The benefit of obtaining sensitive information about this company is the potential of being able to mine cryptocurrencies much more efficiently. When NVIDIA set restrictions on the mining capabilities, it should have recognized that hackers would try and bypass them to achieve their objectives. Also, the fact that sensitive information such as firmware, drivers, drawings were stolen is very concerning for a major company like this. The ability for NVIDIA to protect its intellectual property is extremely important for the success of the company.

    1. Since NVIDIA decided to set restrictions on the mining capabilities, they have to face a lot of problems from miners and players. I believe that NVIDIA one day has to choose between these two groups.

  4. Nvidia is an industry giant when it comes to manufacturing GPUs for consumer & professional use. There are not many companies in this space and Nvidia has had market dominance over the last 5-10 years. With cryptocurrency being what it is, it is not surprising that they’re a big target for malicious actors since they supply the most powerful cards to mine with. It looks like they’re in a lose-lose situation where if the limiter was ever removed, GPU prices will once again increase and supply will be scarce.

    1. Good point! But I think AMD is also a big competitor of NVIDIA in the field of graphic cards. Cryptocurrency has made a huge impact on the market of cards. I hope this trend can stop and everyone can buy an affordable graphic card.

  5. As someone with an NVIDIA graphics card it is alarming that they did not report this hack to their users. But it seems that the hackers had a plan for the data before the attack. They went to the people that would benefit the most from their hack which is those using the graphics cards to mine crypto. Additionally, threatening to release the source code behind Falcon can be problematic for NVIDIA as the graphic card industry is mostly between them and Intel.

  6. Thanks for sharing this informative blog post. As someone with an NVIDIA graphics card I was quite alarmed. I was relieved to hear that it will not impact their ability to serve their consumers. With little knowledge about crypto-currency and the news around software that I am using I will have to start being more aware.

  7. Great post! As someone with an NVIDIA graphics card installed this came as a shock. I wasn’t informed of this hack until now and I’m surprised that they didn’t report it to all of their customers. With a huge chunk of important data being stolen this can be very troublesome for a huge company like NVIDIA.

  8. I did not know NVIDIA had restrictions on their cards for how efficiently they could mine cryptocurrencies. I wonder how much of an effect it would have on the GPU market that is already quite rough if they met these demands.

  9. I bet the attack was sponsored by AMD manufacturers lol. But all jokes aside, I think this placed NVIDIA in a very tricky position. Unlike other ransomware attacks, this attack has a net benefit to other people which complicates the issue. It is surprising to the net benefit that exists with the attack and its consequences can be lethal to the company that is almost achieving monopoly on graphic card.

  10. Nice post. I too have an NVIDIA graphics card in my computer. I am shocked at the fact that they did not notify their users about this incident. Even though I am not too familiar with crypto currency, I can understand that this will impact the market greatly. As a result, the price of graphics might go up. Nonetheless, we have to be careful of the software we use in our computers because this type of hack could also impact the users.

  11. I believe part of what was stolen was the source code for NVIDIA DLSS (Deep Learning Super Sampling), which is cutting edge rendering technology that uses AI to optimize game graphics. This is actually really disheartening, because you know NVIDIA spent fortunes to develop and implement this ground-breaking tech, only for it to be leaked by a group of hackers. Other companies will now have access to the source code, so there goes one of NVIDIA’s trade secrets. Even worse, a super handy “Programmers Guide” was also leaked, so basically anyone can deconstruct DLSS with precision that was supposed to be reserved for NVIDIA employees. Hacking is a serious threat to competitive advantage and business as a whole, and it saddens me to see innovators like NVIDIA have their deserved profits cut because of security breaches. Thank you for the informative post.

  12. With the popularity in gaming industry, mining businesses and development companies, we can see the use of graphics cards almost everywhere. After reading through the entire post, it seems like users do not have much to worry about yet since the hacking does not allow them to alter or steal from users and from the confidence NVIDIA demonstrated it seems more inevitable. However, for NVIDIA it might be a huge problem considering 1TB of data was stolen. Years and years of R&D can go in vain in one second and if they lose such important intellectual property they could incur millions in losses. Thereby, it is important to take strong steps towards security in order to prevent such hackings in future.

  13. This post is really cool because of the relevance to crypto mining. We all know the cryptocurrencies are building a huge momentum with many government organizations scrambling to address the new market, however we see miners benefitting greatly by using vast amounts of capital to buy GPUs to take advantage of the market. This in turn caused GPU prices to soar for regular consumers, also often leading to not only expensive GPUs, but also massive shortages in GPUs in the market creating room for scalpers. If the ransomware attackers’ conditions are met, we can expect these price hikes and shortages to happen on an even greater scale which is unfortunate for regular consumers who may want to upgrade their PC builds but cannot afford the high prices.

  14. Informative Post: Most ransomware is propagated through user-initiated actions such as clicking on a malicious link in a spam e-mail or visiting a malicious or compromised website. In other instances, malware is disseminated through malvertising and drive-by downloads, which do not require user engagement for the infection to be successful.

  15. While the possibility of an attack on any larger company is always higher, I do feel like Nvidia is probably one of the last companies I would have expected to have been hacked. With that said, this blog post and story has brought my attention towards the fact that one of the main intents of this attack was for the sake of crypto mining. I do have minimal knowledge on how graphics cards can be used to mine crypto currencies, but I am more interested as to why the GPUs were previously limited in their crypto mining capabilities. Additionally, while mining and money may have been the main and only motives for this attack, it does seem like a lot of effort for something that is either quite niche or something that can be obtained through easier and less risky means. Otherwise thank you for this interesting blog post!

  16. Very interesting post! The individuals behind this hack have recently publicized some of the data that they stole. Apparently a part of it consists of the source code of NVIDIA’s Game Ready graphics driver and its corresponding code-signing certificates. In fact, it has already been reported that various bad actors have already started to use these certificates to sign their malware. I hope NVIDIA can get this situation under control ASAP.

  17. It seems surprising that even big tech companies like Nvidia are not safe from ransomware attacks. In this case it sounds like the hackers were able to login as an employee, which once again shows the importance of proper security training for all employees and proper passwords.
    It is especially interesting that the hack seems to be coming from someone with high interest in Cryptocurrency mining. With the current (by now fairly long-term) shortage in graphics cards due to crypto-mining this does not come as a surprise. Still, what surprises me is that Nvidia did not give in and pay the ransom. It seems like they would hardly lose any revenue by unlocking their GPUs’ full power for mining, demand is rather likely to rise in such a situation. Apparently their reputation is quite important to them, which in this case is very good for normal users.

    1. Can’t agree more. Hopefully, NVIDIA can insist on their attitude so that normal users like us can have a better experience.

  18. After seeing this post, I am glad that I am using a Mac laptop for doing all my work. On a serious note, this case has yet to show any actual bad threat to the users with this graphics card. I do not have much knowledge about the crypto world since I never was interested but I believe anyone who is not affiliated with that world will be fully safe from this attack. The unfortunate fact that the group Lapsus stole around 1TB of data and is blackmailing Nvidia, really is disturbing though. I hope Nvidia improves its security a lot more and never has these issues again in the future.
    All in all, this was definitely a really informative post. Great job!
