Nvidia Hackers Selling Cryptocurrency Mining Bypass
On Friday of last week news broke that someone had infiltrated Nvidia’s network, though at the time it wasn’t clear what they were after or if it was somehow related to Russia’s invasion of Ukraine. It now appears the Nvidia hackers were after a very obvious target: the code behind Nvidia’s Low Hash Rate (LHR) limiter, which reduces GeForce GPU performance when mining cryptocurrency.
As we reported last week, the nefarious activity “completely compromised” some of Nvidia’s internal systems, causing the company to lose access to its email system for several days. Nvidia also shut down some of its own systems to prevent the spread of malware and to allow it to investigate. New information has come to light that indicates Nvidia had a pretty busy weekend doing battle with the hackers, which are apparently a group named Lapsus$, according to an account by Wccftech. The group reportedly was able to snag a terabyte of data from Nvidia’s servers, which included drivers, firmware, documentation, and developer SDKs. There were reports over the weekend that Nvidia tried to hack the group back by encrypting the files it had managed to steal, but the group was thinking ahead and had made a backup, so Nvidia’s efforts may have been fruitless.
The hackers made several announcements on Telegram, the encrypted messaging and chat service, which were then posted to Twitter. One tweet noted the hackers said they were releasing “part one” of the files they had exfiltrated from Nvidia. Readers interested in poking around in such depositories should be wary. Last week, a hacker posted what he claimed was a workaround for Nvidia’s LHR limiter. Once people began poking around in it, they discovered it was malware.
LAPSUS$ was able to use the stolen files to create a workaround for Nvidia’s LHR limiter, which it is already selling it the black market. The limiter bypass would allow Nvidia RTX 30-series cards to mine crypto currency at full-speed, instead of being limited by Nvidia to discourage miners from buying all its GPUs. The hackers are now demanding Nvidia remove the LHR from all its 30-series GPUs, or else it will release even more data that it has stolen from the company. It could also theoretically release the LHR workaround to the public. Nvidia will obviously never take this course of action.
Even worse, the company claims it gained access to Nvidia employee information, including every employee’s password hash. Bleeping Computer posted the notification on Twitter, but has not verified it as of press time. Password hashes are not the same thing as the actual password, but obviously this is not something Nvidia wants out in the wild.
Continue reading
Someone Hacked Ray Tracing Into the SNES
Surely, a game console from the 90s couldn't support ray tracing, right? Wrong. Game developer and engineer Ben Carter hacked ray tracing into the Super NES with a little help from an FPGA dev board.
New ‘Morpheus’ CPU Design Defeats Hundreds of Hackers in DARPA Tests
A new CPU design has won accolades for defeating the hacking efforts of nearly 600 experts during a DARPA challenge. Its approach could help us close side-channel vulnerabilities in the future.
Knee-Deep in the LED: Hackers Get Doom Running on Ikea Smart Bulb
The devices capable of running Doom keep growing. Today's demonstration? Smart bulbs.
Switch Hacker Agrees to Pay Nintendo an Additional $10 million
After spending the last few years making and selling Switch modding kits, Bowser has agreed to pay Nintendo $10 million in damages to settle a civil lawsuit. This is in addition to the restitution he was ordered to pay following his criminal conviction.