NVIDIA's core source code has just been "open sourced", and the information of more than 70,000 employees has been leaked. At the same time, the hackers also "helped" Samsung open source its code, and Qualcomm was caught up in it along the way. It seems that the South American hacker group Lapsus$ intends to play for high stakes with Nvidia. Just a few days after the source code was "open sourced", the email addresses and NTLM password hashes of 71,335 NVIDIA employees were leaked in full.
Data leakage detection website HIBP confirmed that a lot of the content has been cracked and widely spread among the hacker community.
According to statistics, Nvidia had 18,975 employees in 2021. The leaked data therefore evidently also includes records of employees who have since resigned.
This morning, March 4th, local time, is the deadline for the ultimatum. I wonder what big moves Lapsus$ will make next?
Nvidia hacker war begins third round
On February 26, the British "Daily Telegraph" was the first to report that Nvidia had been hacked. Bloomberg, Reuters and other media followed suit.
The news at the time was that the cyber attack would interrupt some of Nvidia's operations for at least two days. Because of the response and containment measures taken after the malicious network intrusion, Nvidia's internal email system and development tools could not be used during this period.
Soon, the perpetrator group Lapsus$ admitted on Twitter that it was responsible for the attack, and blatantly asked Nvidia for money.
Lapsus$ claims to have successfully broken through NVIDIA's network firewall and stolen nearly 1TB of data.
In order to prove that they were not joking, they also published the password hashes of some Nvidia employees logging into the intranet, and said that they would soon leak data about RTX GPUs.
Lapsus$ also issued a threat: if Nvidia contacted them early and paid up, there would be no more data leaks. If Nvidia did not comply, all the data would be released in five installments.
On February 27, Lapsus$ claimed that NVIDIA had deleted the data on their computer!
"We didn't intend to leak the data, but Nvidia actually made a shameful attempt to delete our personal data!"
However, Lapsus$ also said that the data was backed up and Nvidia did not achieve its purpose.
This time, Nvidia made no statement directly addressing Lapsus$, the group that had broken through its defenses.
On February 28, Lapsus$ began releasing data as the previous requests had not been met.
The first batch of data includes highly confidential material such as the source code for NVIDIA GPU drivers and for the software that limits mining hash rate, and download links have been released (hidden here).
Meanwhile, Lapsus$ announced that they are already shipping unlock codes that bypass Nvidia's official LHR installed on the GA102 and GA104 chips.
The Falcon mentioned here is a special microcontroller architecture found in all NVIDIA graphics cards and is used in a wide range of functions from program security to storage replication to video decoding.
This wave of "forced open source" was something no one expected. It is not only rich in content, but also has a huge amount of data.
Not only did various media outlets report on it, but netizens also joined the ranks of downloading and seeding.
Nvidia also seems to realize that something is wrong.
On March 1, Nvidia issued an official notice admitting that threat actors had stolen employee passwords and undisclosed Nvidia proprietary information from its systems.
"On February 23, 2022, we discovered a cybersecurity incident affecting IT resources. Shortly after the incident was discovered, we further hardened our network, hired cybersecurity incident response experts, and notified law enforcement."
"There is no evidence that ransomware was deployed in NVIDIA environments or that this was related to the Russia-Ukraine conflict."
Nvidia said it has advised its employees to change their passwords and does not expect the incident to cause any disruption to its business or its ability to serve customers.
Apparently, Lapsus$ was not satisfied with Nvidia's response.
Lapsus$ demanded that Nvidia permanently open source its Windows, macOS, and Linux drivers for all released and future graphics cards under a FOSS license.
If this was not done before March 4, Lapsus$ would disclose the product specifications, drawings and chipset information of all NVIDIA graphics cards that had been released or were yet to be released, including the RTX 3090Ti.
On March 2, data leakage detection website HIBP confirmed that more than 70,000 pieces of employee information stolen by hackers had been completely leaked.
190GB of Samsung confidential documents leaked, implicating Qualcomm
While waiting for NVIDIA's response, Lapsus$ was not idle either.
This time it was South Korea’s Samsung Electronics that suffered.
On March 4, Lapsus$ first released a screenshot with "Samsung" as the keyword, which contained various C/C++ instruction sets.
Soon, Lapsus$ added details about the "Samsung source code" it holds:
Source code for every Trusted Applet (TA) installed in the Samsung TrustZone environment for sensitive operations (e.g. hardware cryptography, binary encryption, access control)
Algorithm for all biometric unlocking operations
Bootloader source code for all recent Samsung devices
Qualcomm’s confidential source code
Source code of Samsung activation server
Full source code for the technology used to authorize and authenticate Samsung accounts, including APIs and services
Qualcomm's code was caught up in the leak as well.
Lapsus$ split the leaked data into three compressed files, which add up to almost 190GB.
Like Nvidia, Samsung's source code is also popular, with more than 400 peers currently sharing the content.
Lapsus$ also said that more servers will be deployed to improve download speeds.
In addition to the code, Lapsus$ also provides a brief description of the archive's contents:
First part:
Contains dumps of source code and related data about Security/Defense/Knox/Bootloader/TrustedApps and various other projects.
Second part:
Contains a dump of source code and related data about device security and encryption.
Third part:
Contains various repositories from Samsung Github: Mobile Defense Project, Samsung Account Backend, Samsung Pass Backend/Frontend, and SES (Bixby, Smartthings, Store).
If Lapsus$ is not bluffing, then Samsung may have suffered an unprecedented data leak this time, and the possible losses would be immeasurable.
However, it is unclear whether Lapsus$ will also demand a "ransom" from Samsung.
Original article by SnowFlake, if reproduced, please credit https://cncso.com/en/nvidia-core-assets-data-hit-by-hackers-open-source-html