Data extortionists who stole up to 1 terabyte of data from Nvidia have delivered one of the most unusual ultimatums ever in the annals of cybercrime: allow Nvidia’s graphics cards to mine cryptocurrencies faster or face the imminent release of the company’s crown-jewel source code.
A ransomware group calling itself Lapsus$ first claimed last week that it had hacked into Nvidia’s corporate network and stolen more than 1TB of data. Included in the theft, the group claims, are schematics and source code for drivers and firmware. A relative newcomer to the ransomware scene, Lapsus$ has already published one tranche of leaked files, which among other things included the usernames and cryptographic hashes for 71,335 of the chipmaker’s employees.
The group then went on to make the highly unusual demand: remove a feature known as LHR, short for “Lite Hash Rate,” or see the further leaking of stolen data.
“We decided to help mining and gaming community,” Lapsus$ members wrote in broken English. “We want nvidia to push an update for all 30 series firmware that remove every lhr limitations otherwise we will leak hw folder. If they remove the lhr we will forget about hw folder (it’s a big folder). We both know lhr impact mining and gaming.”
Nvidia introduced LHR in February 2021 with the launch of its GeForce RTX 3060 models. Three months later, the company brought LHR to its GeForce RTX 3080, 3070, and 3060 Ti graphics cards. The reason: to make the cards less desirable to people mining Ethereum and possibly other types of cryptocurrencies. In recent years, the soaring prices of cryptocurrencies have created enormous demand for the cards because the cards are generally much faster and more efficient in performing the intensive computations required during the mining process.
The demand has led to a shortage that has often made GPUs virtually impossible for gaming enthusiasts to buy.
LHR works by looking for specific attributes of the Ethereum mining algorithm. When one of those attributes is found, LHR limits the hash rate, which dictates mining efficiency, by around 50 percent. “We designed GeForce GPUs for gamers, and gamers are clamoring for more,” Nvidia officials wrote when unveiling LHR.
On Tuesday, Lapsus$ modified its demand. Now, the group also wants Nvidia to commit to making its GPU drivers completely open source. If Nvidia does not comply, Lapsus$ says, the company can expect to see a new leak that would include the complete silicon, graphics, and computer chipset files for all its recent GPUs. In a dispatch, group members wrote:
So, NVIDIA, the choice is yours! Either:
–Officially make current and all future drivers for all cards open source, while keeping the Verilog and chipset trade secrets… well, secret
OR
–Not make the drivers open source, making us release the entire silicon chip files so that everyone not only knows your driver’s secrets, but also your most closely-guarded trade secrets for graphics and computer chipsets too!
YOU HAVE UNTIL FRIDAY, YOU DECIDE!
Nvidia officials declined to say if they intended to comply with the demand. Instead, they referred to a statement first published on Tuesday:
On February 23, 2022, NVIDIA became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.
We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident.
Security is a continuous process that we take very seriously at NVIDIA–and we invest in the protection and quality of our code and products daily.
The statement didn’t say if the company has mandated password changes for affected employee accounts. The Have I Been Pwned breach-notification service allows people to enter an email address to find out if it has been included in most data leaks. A check of email addresses of four Nvidia employees showed all of them were included in last week’s Lapsus$ dump.
https://arstechnica.com/?p=1838180