Nvidia's Corporate Network Compromised

By Stuart Burns
published

According to Forbes and several other sources, Nvidia has had it's internal network breached. Currently, the breach appears to be limited to usernames and passwords for the Nvidia internal network. 

The way in which this hack was executed -- and the timing, at Christmas when the sysadmins were busy with other things -- suggests this was a well-planned and thought-out attack, rather than an opportunistic one. The original source was allegedly a staff member whose system was compromised and subsequently used as an attack vector.

Nvidia has gone on record, via an internal email sent to employees after the breach was found, stating that there is "no indication other data." Sources have also stated that the breach has been ongoing since the first week of December.

What is particularly interesting about this hack, at least to this writer, is that Nvidia isn't a standard target for crackers. There is much lower-hanging fruit to be taken from other sites that have more credit card and user details.

What may potentially be more interesting is the fact that Nvida makes advanced silicon for supercomputers and advanced, sometimes classified, simulations. (Not to mention enthusiast-class GPU IP.)

Machines such as Titan (pictured) are the latest generation of supercomputers, and the information on it is worth a lot of money to the right party. There has, as yet, been no confirmation of any intellectual property, classified or otherwise, being copied from the network.

Stuart Burns
12 Comments Comment from the forums
  • yumri
    So a bunch of usernames and passwords were stolen ... wait for the next attack to be a "social hacking" type attack in which another party that did not steal the usernames and passwords to use them to access the nVidia network or at least try to and steal something more variable like the GPU design blueprints for the up and coming versions of it whatever they might be or something like that which actually has a sizeable amount of cash attached to it.
    Reply
  • jasonelmore
    100 bucks says it's samsung or samsung's lawyers trying to make a case with the ITC.
    Reply
  • beta212
    Nvidia's statement: https://oag.ca.gov/system/files/Notice,%2012-17-2014_0.pdf
    Original source: http://www.scmagazine.com/nvidia-asks-employees-to-change-usernames-and-passwords-following-data-breach/article/390180/
    Reply
  • ykki
    Woops.... and to think that companies might have ramped up their cyber security after the sony episode.
    Reply
  • Avus
    I am waiting the US president come out and said they have 100% proof that it is either done by Chinese, Russian or North Korean.
    Reply
  • Innocent_Bystander
    Screw low hanging fruit, NVidia is a juicy target for their government contracts alone.

    This one is far more ominous than the hack that hit Sony. It has industrial espionage written all over it.
    Reply
  • hysteria357
    The greatest threats to a network are its own users.
    Reply
  • delellod123
    I think the sony attack was just disgruntled employees. Sony spun it into a marketing scheme to boost ratings for the Interview. And experiment with a new way of distributing new movies i.e.: streaming.
    Reply
  • g00ey
    14937511 said:
    So a bunch of usernames and passwords were stolen ... wait for the next attack to be a "social hacking" type attack in which another party that did not steal the usernames and passwords to use them to access the nVidia network or at least try to and steal something more variable like the GPU design blueprints for the up and coming versions of it whatever they might be or something like that which actually has a sizeable amount of cash attached to it.

    Yay, the conspiracy plot thickens. These blueprints will be used for brain implants that will turn monkeys into killer machines, or better yet, they are going to use them to make a big nucular bomb that will eradicate the whole world. Scary shit indeed! *putting my mithril tinfoil hat on*
    Reply
  • yumri
    14954493 said:
    14937511 said:
    So a bunch of usernames and passwords were stolen ... wait for the next attack to be a "social hacking" type attack in which another party that did not steal the usernames and passwords to use them to access the nVidia network or at least try to and steal something more variable like the GPU design blueprints for the up and coming versions of it whatever they might be or something like that which actually has a sizeable amount of cash attached to it.

    Yay, the conspiracy plot thickens. These blueprints will be used for brain implants that will turn monkeys into killer machines, or better yet, they are going to use them to make a big nucular bomb that will eradicate the whole world. Scary shit indeed! *putting my mithril tinfoil hat on*

    you never tried your hand in hacking have you? the easiest way to hack is to already have the username and password to get in. As the nVidia Corporate network compromise only took usernames and passwords it will be easier now as the first thing which nVidia probably did was have all their employees change the passwords and/or have the computer do it for them then have the employees change it again to something not used before.
    Back to hacking once you have the keys to get in you can take alot of other stuff and not be noticed at all. This is what i ment by wait for the next hack on them as they might not even notice that it has happened.

    Reply