Saturday, February 26th 2022

NVIDIA has Allegedly Been Hacked, Internal Systems Compromised

According to several reports in various media, NVIDIA has been hacked, and several key systems, such as email and its internal developer tools, have been down for the past few days. According to CRN, NVIDIA is investigating "an incident", and the company issued the following statement to the publication: "Our business and commercial activities continue uninterrupted. We are still working to evaluate the nature and scope of the event and don't have any additional information to share at this time."

In a regulatory filing back in October 2021, NVIDIA seemingly warned its shareholders of a future attack on the company of some kind. NVIDIA claimed that it's hard to protect against attacks, as the attacks are getting more "prevalent and sophisticated". The filing went on to say "Our efforts to prevent and overcome these and similar challenges could increase our expenses and may not be successful. We may experience interruptions, delays, cessation of service and loss of existing or potential customers." Based on media reports, it's currently not known whether any data has been stolen or damaged and it appears that the attacker(s) haven't been identified.

Update: According to vx-underground, it's a South American "extortion group" by the name LAPSUS$ that's behind the hack. Based on screenshots provided by vx-underground, NVIDIA has allegedly hacked LAPSUS$ back and encrypted the data that was stolen. Unfortunately for NVIDIA, it seems like LAPSUS$ had backups of the data. The group claims to be sitting on around 1 TB of data from the hack.

Update 2: Further details about NVIDIA's retaliation against the hackers have popped up, and it would appear that NVIDIA managed to access and encrypt the data through its own VPN. This seems to have been possible because it was a VM image of an NVIDIA system that was being used. In other words, NVIDIA didn't hack the hackers, but rather accessed a VM image of one of their own systems and encrypted the data on said VM. Unfortunately for NVIDIA, LAPSUS$ claims to have backups of the VM image and data.

Sources: CRN, @vxunderground, @vxunderground

64 Comments on NVIDIA has Allegedly Been Hacked, Internal Systems Compromised

#26
lexluthermiester
birdie wrote: "NVIDIA has hacked us back".

The amount of BS in this statement is just staggering. Could have been written by a 10 yo.
You say that like you're surprised... Really?
the54thvoid wrote: I will not worship the man
I will never worship a man, period...
the54thvoid wrote: the man who removed our dreams of Half life 3.
...let alone that jerk.
#27
Chrispy_
Forgive my lack of sympathy for a money-grabbing company that has plagued the industry with anti-consumer, closed-source, proprietary bullshit for the last 25 years.
#28
720p low
Don't know if this happened in their relatively new HQ at Santa Clara but, if so, maybe they should have had the R&D areas constructed so that they are totally isolated from the internet. I'm thinking R&D, since the article mentions that the "business and commercial" portions of the company were "uninterrupted."

"Our efforts to prevent and overcome these and similar challenges could increase our expenses..."

Sounds like somebody should expect a price increase as a result.
#29
Space Lynx
Astronaut
lexluthermiester wrote: You say that like you're surprised... Really?


I will never worship a man, period...

...let alone that jerk.
has nothing to do with worshipping, just is fun to say Lord Gaben. to be fair, 95% of my friends I have made that became IRL friends, were through steam. so i do have to give some respect to Gaben, that community factor is a strong one.

also one reason why I respect jayz2cents way more than LTT or any of the other major players. cause jayz2cents donated/ hand built awesome gaming LAN setup for a community center last year, that place will create friendships for decades to come, ripple effects, bonds created. community is so important. respect to gabe for giving the platform, regardless of the other stuff, and mad respect to jayz2cents.
the54thvoid wrote: I will not worship the man who removed our dreams of Half life 3.
i think his reasoning from what I remember is that he knew it would never live up to the hype. so would you prefer he still make it knowing that?
#30
Icon Charlie
zlobby wrote: IDK, if only they were putting more effort on developing secure solutions instead of telemetry and ways to scam buyers?
One of my friends used to do contract security for the government. So I KNOW NGREEDIA CAN harden their systems. But it comes down to money and corporations like NGREEDIA that will only put as much money to meet their minimum requirements of security.
#31
Space Lynx
Astronaut
Icon Charlie wrote: One of my friends used to do contract security for the government. So I KNOW NGREEDIA CAN harden their systems. But it comes down to money and corporations like NGREEDIA that will only put as much money to meet their minimum requirements of security.
I find this so bizarre, considering they are trying to win over contracts for healthcare companies etc - who require the most hardened security possible.
#32
zlobby
CallandorWoT wrote: has nothing to do with worshipping, just is fun to say Lord Gaben. to be fair, 95% of my friends I have made that became IRL friends, were through steam. so i do have to give some respect to Gaben, that community factor is a strong one.

also one reason why I respect jayz2cents way more than LTT or any of the other major players. cause jayz2cents donated/ hand built awesome gaming LAN setup for a community center last year, that place will create friendships for decades to come, ripple effects, bonds created. community is so important. respect to gabe for giving the platform, regardless of the other stuff, and mad respect to jayz2cents.



i think his reasoning from what I remember is that he knew it would never live up to the hype. so would you prefer he still make it knowing that?
Unpopular opinion here - both j2c, ltt are way overrated. I find their content to be peak cringe and zero value whatsoever, yet they are so entitled. SMH.
ThrashZone wrote: Hi,
Clearly not using win-11 and defender/ microsoft security :laugh:
Defender and the VM-based security in 11 are a decent threat shield. Windows firewall on the other hand is pure BS. Why can't we just have iptables on Windows?!?!
#33
Space Lynx
Astronaut
zlobby wrote: Unpopular opinion here - both j2c, ltt are way overrated. I find their content to be peak cringe and zero value whatsoever, yet they are so entitled. SMH.

Defender and the VM-based security in 11 are a decent threat shield. Windows firewall on the other hand is pure BS. Why can't we just have iptables on Windows?!?!
your opinion is fine, but I wish I had a community center when I was younger like the one j2c helped support/create, I would have made some lifetime friends and had many great memories even outside of gaming with them as the years went by. not many people in this world bringing community together anymore.
#34
Jism
qubit wrote: I'd have thought NVIDIA would have been more bulletproof than that. At least they've figured out who did and did it back to them, so that's something.

It's unthinkable that NVIDIA don't have a backup of the data that was taken from them.
Social engineering.

Let's say for 20 years you do business with company Y. Company Y sends an invoice every month from address somecompany@servicepoint.com. I as a skilled hacker register servicep0int.com and send you a similar invoice. An employee opens the attachment thinking it's a legitimate one and voila first steps made into installing a tool that would bring nvidia's internal network on the map. From there on I'll continue until I get access to its main and most important stuff.

Let's say on a Friday evening after 20:00 I'll start my backup with a script with low load so it won't be noticed, upload this somewhere and voila. Now I have nvidia's most critical files.

That's how basically this went down.
#35
bobsled
Jism wrote: That's how basically this went down.
Tell us more!
#36
Jism
bobsled wrote: Tell us more!
Well, it's how most of the hacks these days succeed anyway. Unaware employees are pretty much the weakest link in large companies.

I mean from a software standpoint most systems are secured; that is at the front. However if you get inside of it the security is completely different. All you need to obtain is find a way "out" to push large data and you're good.

I used to hack years ago. In my time it was mostly badly configured webservers. With that I was able to gain entrance to parts that were not visible for the outside world normally.

If anyone remembers Napster or Kazaa era; some folks would share their complete C drive. I was just thinking now what would be most universal benefit from a C drive ? It would be things like Inbox.pst or common saved documents or text files. It was so easy back then.

Also; nobody knew about shredding disks or data years either; I'd just buy large sets of used HDDs on ebay for that matter and was able to recover all its data on these disks. Some disks of even lawyers with full information stored still.
#37
R-T-B
Mistral wrote: Now we'll see if there was anything real to Biden's "we'll take cyber attacks on US companies seriously" or if it was just empty posturing, again. Place your bets!
As long as we aren't consulting Rudy for cyber security, it's already progress.
lexluthermiester wrote: I will never worship a man, period...
Good. Worship frog.
#38
DeathtoGnomes
R-T-B wrote: As long as we aren't consulting Rudy for cyber security, it's already progress.


Good. Worship frog.
Russians are red
Froggies are green
Norton lets everyone hack you.
#39
Solaris17
Super Dainty Moderator
CallandorWoT wrote: healthcare companies etc - who require the most hardened security possible.
Pro tip from the industry, gov and health have the biggest tech debt imaginable. bigger centers and branches spending millions to hundreds of $K to maintain server 2008, cent5 and shit. It's wild and 100% believable.

I'm an engineer in private sector again and much happier.

Honorable mentions:

Public K12 school systems
Lawyers (actual garbage)


Remember Experian? To some of these industries IT is a cost center not a money maker. They receive the bare minimum of any kind of internal funding for which the majority goes to security for the systems they previously veto'd to upgrade. Now they are stuck so far behind with no upgrade path that it's literally cheaper to pay for the ATTEMPT at securing them than to actually rebuild entire sections of infra.
#40
qubit
Overclocked quantum bit
@Jism yes, that's certainly a possible scenario. It doesn't take much for someone to slip up in a large company like NVIDIA.
#41
Jism
qubit wrote: @Jism yes, that's certainly a possible scenario. It doesn't take much for someone to slip up in a large company like NVIDIA.
"Proper" malware is able to go undetected and obtain new packages. All you need is a mapping of the company and its structure and you work from there.
#42
thesmokingman
FreedomEclipse wrote: The hackers were trying to find the manufacturer of Jensen's Lucky Leather Jacket.
You mean that's not Members Only??
#43
lexluthermiester
zlobby wrote: Unpopular opinion here - both j2c, ltt are way overrated.
Jay overrated? Maybe a little, but he knows his craft. He's human and owns his mistakes on the rare occasion when he makes them. Jay has earned the respect he has in the community and doesn't let it go to his head.

LTT though, yeah, overrated. Linus is constantly screwing up and does both without owning his mistakes. He constantly shares deeply flawed opinions and gives bad advice... Can't respect the guy.
Solaris17 wrote: to some of these industries IT is a cost center not a money maker.
Exactly, which is a retarded and bass-ackwards way of thinking. IT is an investment in business foundation, not an annoying expense...
#44
Space Lynx
Astronaut
@Jism
I remember when I was a teenager, I wanted to work in computer networking. I remember sitting in class, and the professor going over 'If statements', and after about 2 hrs (I made a 'clickable ok box') my eyes started hurting, and I just felt horrible. I remember thinking to myself, do I really want to do this for the rest of my life (staring at a computer in general)? This short time span I am floating on this blue marble that is rotating gigantic oceans in front of a giant sun... I'll never understand hackers (good, bad, or neutral)... though to be fair I don't understand hardly anyone these days. I just love reading ancient history and thinking about a lot of great thinkers back then. I'll never be rich, in fact, I doubt I will ever be able to ever buy a house. I find great pleasure in knowledge for knowledge's sake, and discovering how much we have lost in modernity to our baser instincts. On the same hand, you only need a lot of money if you have a lot of expenses and also... one's perception of reality. but I digress.

I think regardless of job, a lot of people get lost in their own little worlds, and forget to look at the stars as the ancients did, to be more connected to nature and the Cosmos in general my main goal in life. It's also possible I am a fool, I am not sure which.


edit: I changed my major after 2-3 months in computer stuff, just couldn't stand it. no regrets though, even though financially I'd be more stable right now I admit
#45
sith'ari
Jism wrote: Well, it's how most of the hacks these days succeed anyway. Unaware employees are pretty much the weakest link in large companies.

I mean from a software standpoint most systems are secured; that is at the front. However if you get inside of it the security is completely different. All you need to obtain is find a way "out" to push large data and you're good.

I used to hack years ago. In my time it was mostly badly configured webservers. With that I was able to gain entrance to parts that were not visible for the outside world normally.

If anyone remembers Napster or Kazaa era; some folks would share their complete C drive. I was just thinking now what would be most universal benefit from a C drive ? It would be things like Inbox.pst or common saved documents or text files. It was so easy back then.

Also; nobody knew about shredding disks or data years either; I'd just buy large sets of used HDDs on ebay for that matter and was able to recover all its data on these disks. Some disks of even lawyers with full information stored still.
That might be the common practice, but this doesn't mean that such common practices can apply with nVIDIA as well.
Don't forget that nVIDIA has developed the Morpheus system (developer.nvidia.com/morpheus-cybersecurity) which is created for spotting any anomalies inside a network.
That's why I'm confident that whatever leaks those hackers may have achieved won't be something of severe strategic importance for nVIDIA structure
#46
Fluffmeister
I guess this means AMD's DLSS rival will be arriving quicker than expected.
#47
AnarchoPrimitiv
CallandorWoT wrote: In the United States, it is not required by law for a corporation to disclose if they have been hacked or not. I would bet money there have been loads of hacks.

Personally, I think the world needs to slow down, and go back to mailing paper checks and nothing online, greed needs to take a backseat, Mother Earth can't take it anymore anyway, as the Great Pacific Plastic pouches can attest.

A shame humans refuse to change, and instead plow forth at full speed ahead regardless of the consequences.

Ban crypto/NFT's and move some systems back to a LAN or paper system (but not all, but majority, especially critical infrastructure)

True, the world would move a little slower, but the world worked this way just fine not that long ago.

My thoughts matter not, for humanity has already chosen its fate. Endwalker Planet Archives #7429
Nice to know somebody thinks like me on here.... My only question is this: can we REALLY look at the reality around us of the entire world and truly claim technology has been a NET benefit for the individuals of our species? For the world as a whole? Technology and civilization can be likened to a factory farm, yes, the livestock in them are more plentiful than ever, but the quality of their life is abysmal.

*ad hominem replies need not be made
CallandorWoT wrote: @Jism
I remember when I was a teenager, I wanted to work in computer networking. I remember sitting in class, and the professor going over 'If statements', and after about 2 hrs (I made a 'clickable ok box') my eyes started hurting, and I just felt horrible. I remember thinking to myself, do I really want to do this for the rest of my life (staring at a computer in general)? This short time span I am floating on this blue marble that is rotating gigantic oceans in front of a giant sun... I'll never understand hackers (good, bad, or neutral)... though to be fair I don't understand hardly anyone these days. I just love reading ancient history and thinking about a lot of great thinkers back then. I'll never be rich, in fact, I doubt I will ever be able to ever buy a house. I find great pleasure in knowledge for knowledge's sake, and discovering how much we have lost in modernity to our baser instincts. On the same hand, you only need a lot of money if you have a lot of expenses and also... one's perception of reality. but I digress.

I think regardless of job, a lot of people get lost in their own little worlds, and forget to look at the stars as the ancients did, to be more connected to nature and the Cosmos in general my main goal in life. It's also possible I am a fool, I am not sure which.


edit: I changed my major after 2-3 months in computer stuff, just couldn't stand it. no regrets though, even though financially I'd be more stable right now I admit
I truly identify with this statement
#48
stimpy88
Couldn't happen to a nicer company.
#49
dyonoctis
I love how they are offended that Nvidia tried to defend themselves haha.

To the people who have "nostalgia" of a time when technology wasn't a thing, I would just say "what if" kind of debates are always going to be fruitless. "What if the Europeans didn't invade America, what if gunpowder was never invented...". Technology reached the current point as a natural evolution of us trying to make life easier. There wasn't really a time where life was "better in every way", the problems were just different. In the current state of the world, "plugging out the internet" would be disastrous, and not just for big companies.
#50
zlobby
Jism wrote: "Proper" malware is able to go undetected and obtain new packages. All you need is a mapping of the company and its structure and you work from there.
I like you, @Jism. You seem to have some understanding of it.

For the lesser informed here - once there is an APT in place, it's a matter of time and patience to get what you want.