"Ah Ah Ah....You didn't say the magic word."
Posted on 03/12/2022 2:28:49 PM PST by FarCenter
Hackers have stolen data from Nvidia, the world’s largest GPU maker, and are holding that data ransom. The as-yet unidentified “threat actors” may be helping the company’s competition in China, according to a research group in Washington D.C.
Last week, Nvidia lost proprietary information to a group of hackers. A cybercriminal gang called “Lapsus$” has leaked Nvidia passwords, schematics, drivers and firmware and is threatening to release more information unless its demands are met, according to press reports. Those demands include removing cryptocurrency mining limiters on its gaming cards and making its GPU drivers open source, according to ArsTechnica.
Nvidia says it learned of a cyberattack on Feb. 23, 2022. “Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement,” an Nvidia spokesperson said in an emailed response to EE Times.
“We have no evidence of ransomware being deployed on the Nvidia environment or that this is related to the Russia-Ukraine conflict,” Nvidia said. “The threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online.”
...
The hack could help China’s AI and GPU rivals catch up with Nvidia, according to the Center for Security and Emerging Technology (CSET), in a report today. CSET is a policy research organization within Georgetown University’s Walsh School of Foreign Service.
Not much is known about the hackers, but people are sniffing around the usual suspects.
“These tools — which the hackers appear to have gained access to — could help Chinese AI and GPU firms catch up to their US competitors and design state-of-the-art chips of their own,” CSET said in a report today.
(Excerpt) Read more at eetimes.com ...
Inside job?
I don’t expect it from the halfwits in this administration for our national security, but I would have thought the world’s largest chip maker would have a more robust cyber security system in place. Something is very fishy with everything going on in the world at the moment, and I don’t care for it.
The Russians did it, the Russians did it.
If nothing else, perhaps my AMD holdings will bounce on Monday!
I work in cybersecurity. You have no idea how bad it really is.
At least a hybrid job Seems most likely.
You only need one stupid, or one smart person who has the network permissions.
One of my test accounts had full access to the source code, one day 12 years later some security review people freaked out.
I have no idea wtf was breached but I can only assume the whole internet was compromised
Trump was right: China is not our friend. Nor the world’s.
I would love/hate to hear more of your input. With everything going on at the moment, the thing that concerns me most is an EMP strike.
It looks like they hacked some passwords of employees.
You have to work in the field to really know how screwed we truly are. It is truly chilling how little regard there is for security almost anywhere.
I know exactly how screwed we could be.
I am preparing my sticks and stones
Methinks it’s safe to say that minus the zombies, we’d be living in season one of The Walking Dead almost overnight. What really frosts my ass is the fact that the assclowns in D.C. are well aware of the threats, yet they do nothing. 1.5 trillion more in spending yesterday. How much of that (and this is a rhetorical question)actually went towards national security infrastructure, and not towards bullshit pork projects that do nothing but add to the “Putin pricetag”?
Andy$Password1
A large part of that is because the U.S. government conspired with companies to drive down tech wages. CEOs complained how much they had to pay for competent tech staff and the government agreed to help them drive down wages. I know quite a few former IT staff who want nothing to do with any of it.
I also witness problems every day that were resolved in the 1990s but reappear because the younger, less competent IT staff have no connection the past at all; they're either foreigners from deficient training and schooling programs or have no sense of growth and progression and don't know nor care what can go wrong.
I see more and more IT staff who are learning on the company dime. They're figuring it out as they go and often go with the first solution they find but have no idea what other complications it's going to cause down the road.
I also see more and more tech staff who, when you get to know them, admit they have no IT background at all but were thrown into something because they were somewhat capable.
Well, in cybersecurity, it’s really the same problem we see in society at large: a lack of willingness to accept any consequences or do what’s actually necessary to maintain a secure environment.
Processors are vulnerable and the fix will cripple their power? Let’s just sort of half patch it and pretend it’s ok...want to spin up an app on AWS and don’t know anything about security? Don’t worry about it...chain all those JS libraries together and run them as root. What’s that even mean anyway? Of course I need my iPhone on the corporate network so I can surf donkey pr0n at work...why would anyone ever ask anything different? Computers with sensitive data NEED to be connected to the web. Otherwise, it would be too damn inconvenient! Security minded people are just a bunch of boomers who don’t understand how things are done now.
It looks like they hacked some passwords of employees.
—
You’d think companies with this sort of proprietary info would have 2-factor auth.
Does it have anything to do with all the backdoors the Chinese foundries built into the chips?
The bigger the organization, the more bureaucracy. Organizations cut corners far too often, and talent in cyber on our side is terrifyingly lacking.
"Ah Ah Ah....You didn't say the magic word."
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.