Nvidia hacks back!
Updated: Mar 28, 2022
Nvidia has been in the news recently as they appear to have been hacked and had their data stolen. An organisation called Lapsus$ (yes, they have a dollar sign in their name) has reportedly stolen Nvidia’s confidential R&D data and is threatening to release it if they aren’t paid a ransom. This is an example of another kind of ransom attack: instead of encrypting your data (which, let's be fair, won’t work with Nvidia, they *probably* have backups), the attackers steal a copy and threaten to make it public. Now the neat thing here is that the attackers aren’t asking for money, not directly anyway; they want Nvidia to make their drivers open source. Why would a hacker collective risk an attack on Nvidia for something so… well… publicly minded? Because Nvidia stops people from mining bitcoin on their consumer graphics cards, of course! With open-source drivers, the bad guys could make Nvidia graphics cards work way better for crypto mining, potentially making them *tons* of money through bitcoin and associated cryptocurrencies.
Active security is the only approach that could have helped here. Nvidia is a sophisticated company and would have best-of-breed cyber security solutions, and it didn’t help. This is because the attackers were using living-off-the-land attacks and legitimate accounts to access the data. We know this because of what happened next: Nvidia has reportedly hacked back!
Lapsus$ has reported that the machine they used to get into Nvidia’s network has been hit by ransomware, deployed by Nvidia themselves! How, you might ask? Well, the attackers used a legitimate account to associate the machine with Nvidia’s domain, just as you would associate a user’s laptop.
This allowed Nvidia to conduct administrative actions on the computer and roll out targeted malware to it in the form of a group policy update. As a result, the machine and all the stolen data on it were encrypted. Performing attacks like these is on the far grey side of active security. Offensive attack strategies are a use of force against others, and if you follow your nation-state philosophy, you’ll know the use of force is the sole province of the state…
In other words, it’s very illegal. That said, if you are acting on your own property, technically it’s no harm, no foul. As Lapsus$ had associated the machine with Nvidia’s network… technically it was agreeing to Nvidia’s terms of service and in some way was Nvidia’s digital property…
It is a grey area, but I don’t expect Lapsus$ to be taking Nvidia to court over it anytime soon. Now Lapsus$ has stated that this was a waste of time as they have backups of all of the data, which at least means they do protect themselves against their own medicine… but they probably did not expect Nvidia to do that. Maybe they should have invested in active security themselves?