Nvidia's ransomware gang problem

Bartholomew Gallacher

Well-known member
Joined
Sep 26, 2018
Messages
5,513
SL Rez
2002
Since I cannot find it anywhere here yet: a ransomware gang named Lapsus$ from South America has infiltrated Nvidia a short while ago, it's known since beginning of Feb 2022. They were able to drag out a lot of Nvidia's internal files. As with such criminals, they have demands they want to get fulfilled, otherwise they'll leak stuff.

Strange thing is that their demands don't make much sense and are quite unusual. This ransomware gang claims to care about cryptominers. They demanded that Nvidia will remove the cryptomining throttling mechanism in their newest range of GPUs firmware updates, otherwise they'll leak stuff. They also told that though that they were able to work around that brake, rendering it useless. Question is: why do they care about removing that technic when they were already able to render it inactive?

Lapsus$ also reported that Nvidia fought back, and attacked the systems of the South American hacker group.

Lapsus$ has already leaked the whole source code of Nvidia's DLSS feature beginning of March.

Last Friday Lapsus$ threatened Nvidia again with this:

So, NVIDIA, the choice is yours! Either:
–Officially make current and all future drivers for all cards open source, while keeping the Verilog and chipset trade secrets... well, secret
OR
–Not make the drivers open source, making us release the entire silicon chip files so that everyone not only knows your driver's secrets, but also your most closely-guarded trade secrets for graphics and computer chipsets too!
YOU HAVE UNTIL FRIDAY, YOU DECIDE!
Nvidia officially stated that they will not comply with that demand. So really tough times for Nvidia right now, and well the ultimatum ends today.

Furthermore, some of that stolen data was already used to digitally sign malicious Nvidia drivers with malware embedded as officially being Nvidia's.


 
Last edited:
  • 1Eye Roll
Reactions: Govi

Argent Stonecutter

Emergency Mustelid Hologram
Joined
Sep 20, 2018
Messages
5,887
Location
Coonspiracy Central, Noonkkot
SL Rez
2005
Joined SLU
Sep 2009
SLU Posts
20780
Making the drivers open source would make Linux users happy. They could finally quit depending on Nouveau.
 

Free

The cool chick who doesn't know she's hot
VVO Supporter 🍦🎈👾❤
Joined
Sep 22, 2018
Messages
34,410
Location
Moonbase Caligula
SL Rez
2008
Joined SLU
2009
SLU Posts
55565
Making the drivers open source would make Linux users happy. They could finally quit depending on Nouveau.
Has Nvidia ever done something to make Linux users happy?
 

Argent Stonecutter

Emergency Mustelid Hologram
Joined
Sep 20, 2018
Messages
5,887
Location
Coonspiracy Central, Noonkkot
SL Rez
2005
Joined SLU
Sep 2009
SLU Posts
20780
Lots of Linux users are actually quite happy with the nVidia proprietary drivers on Linux, they're better than nouveau or the ATI drivers. But open sourcing them so the purist distros could use them would be a step forward.
 

Lexxi

meow
Joined
Sep 26, 2018
Messages
1,139
SL Rez
2007
Joined SLU
12-14-2007
SLU Posts
6381
huh. I thought I saw this mentioned on here before. And the part where NVIDIA hacked back. Or, I should say, put ransomwear on the hackers system.
In screenshots from their Telegram channel, a LAPSU$ member claims NVIDIA put ransomware on their system after the hack.

Supposedly the hackers have the information also stored elsewhere, somewhere the ransomwear could not get at.
 

Dakota Tebaldi

Well-known member
VVO Supporter 🍦🎈👾❤
Joined
Sep 19, 2018
Messages
8,679
Location
Gulf Coast, USA
Joined SLU
02-22-2008
SLU Posts
16791
This ultimatum was stupid. Releasing Nvidia's video card driver and DLSS source code was never the actually-serious threat that the hackers seemed to take it for.

In terms of the video driver - Nvidia gives it away for free, they don't make money on the driver and they won't lose money by virtue of the driver source code being exposed. They weren't going after Nouveau for providing an alternative for Linux, for instance, because they don't care. In fact it just means that Nvidia can more credibly insist that people from now on should definitely only download drivers directly from its official website because other sources are now untrustworthy even if they're providing a signed driver. And how often does Nvidia release new drivers? The "open-sourced" driver wouldbe out-of-date as of the next release, and the situation would return to the way it was pre-hack.

And as for DLSS, the only people who could possibly benefit from having that code in theory would be Nvidia's only tangible market competition, AMD. But in practice, they can't. For one thing AMD already has its own architecture and DLSS wouldn't be compatible with it, making the code useless; and for another, even if the source code is exposed and "open sourced", it's still proprietary and commercial rights and patents still apply, so AMD couldn't legally use the code even if it wanted to. Some third party taking the DLSS code and building a whole rival video card business from scratch with it isn't a realistic possibility either.

So yeah...kind of a nothingburger in the end. I'm sure Nvidia isn't happy about their drivers being stolen and would rather it hadn't happened, and the whole security thing is obviously a problem that has to be fixed if it hasn't been already; but Nvidia doesn't stand to be really damaged that much by this "leak". From the way I've been hearing the word "on the street", even the embarrassment of the company in the public perception for having been hacked has been mitigated a lot by them turning around and putting ransomware on the hackers' computers, which a lot of people find hilarious.
 

Soen Eber

Vatican mole
VVO Supporter 🍦🎈👾❤
Joined
Sep 20, 2018
Messages
3,191
I wonder what will happen when crypto currencies finally come up with a mining method that, as planned, won't involve the massive processing power now required. That processing ability is better used unfolding genomes or researching nanoparticle strategies.