Nvidia Allegedly Hacks Hackers Who Stole Company's Data (tomshardware.com) 57
According to Vx-underground on Twitter, Nvidia has reportedly retaliated against the hacker group that stole over 1TB of the company's data by sneaking back into the hacker's system and encrypting the stolen data. Tom's Hardware reports: LAPSU$, an extortion group in South America, had illegally tapped into Nvidia's mailing server and installed malware on the software distribution server. As a result, the hacker group purportedly extracted over 1TB of Nvidia's data. However, it's unknown what kind of data the hackers had stolen, whether Nvidia's or its clients' data. It would seem that Nvidia has identified the attackers. According to the Vx-underground's Twitter post and backed by screenshots, the chipmaker has infected the perpetrators' system with ransomware and encrypted the stolen data in response to the attack. The group claimed that it had a backup of the data, though.
Re: (Score:2)
They printed it out.
Should have gone for more. (Score:2)
They should have stolen all their remote access codes/passwords and destroyed those systems, send all their trusted contacts a trojan, rinse and repeat, before destroying all the systems on all the networks. If you are going to break the law then you might as well do it right and try to keep your secrets secret!
Honest question (Score:1)
Re: (Score:2)
Corporation is a person until it isn't (Score:3)
Yes, it is possible they broke some laws doing this (if the news is actually true). However, it would be difficult to prove any of this in court without a lot of legal discovery, and I'm sure Nvidia would have made a point not to leave a big corporate data trail.
Other problems in prosecuting such a case:
- identifying jurisdiction is a crap-shoot without some good evidence before discovery, so could end up being a huge waste of court time, even if they did manage to gather evidence
- corporations aren't reall
Re: (Score:2)
Also along these lines is the legal issue of software providers using discovered exploits to patch vulnerable servers found in the wild, even when the server owners are negligent and don't install available patches on their own. Iirc, this quandary came up with a Microsoft bug in the early 2000's -- might have been the Slammer worm for SQL Server, but it's been too long for me to remember it all that clearly without doing a lot of research/digging.
Re: Corporation is a person until it isn't (Score:2)
All vadid points. Against that, the DOJ must weigh the risks of setting a really bad precedent.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Not a problem... have the purported victim stand up in court and identify themselves and provide the evidence that nVidia hacked them.
I'm sure the hacking group will get straight on that.
Also, as someone else says, it's likely that it's an automated corporate policy to encrypt drives as they're added to the network, with a key only nVidia knows... in which case even if someone WAS stupid enough to say "we deliberately broke into nVidia and stole their code but we want you to prosecute them for encrypting ou
Meanwhile... (Score:1)
"Even less so is the purported reverse-hack Nvidia reportedly conducted on Lapsus$, where they attempted to ransomware their data back from the group. This has been confirmed by Lapsus$; but the group claims to already have copied and backed-up the data before the attempted intrusion, rendering Nvidia's efforts fruitless. "
I'd rather... (Score:2)
... wish they'd use their time to "hack" together a proper working linux video driver.
Dangerous... (Score:1)
I allege this is total BS (Score:1)