Just over a year ago, graphics card behemoth Nvidia announced an unexpected software “feature”: anti-cryptomining code baked into the drivers for its latest graphics processing units (GPUs).
Simply put, if the driver software thinks you’re using the GPU to perform calculations related to Ethereum cryptocurrency calculations, it cuts the execution speed of your code in half.
This restriction isn’t meant to protect you from yourself, for example to limit hardware damage if you try to drive the GPU too hard and cause it to overheat dangerously.
This is all about managing supply and demand.
Unfortunately for keen gamers, who love powerful GPUs because they improve their gaming experience with faster and more realistic graphics, cryptocurrency mining syndicates love good GPUs even more.
That’s because GPUs greatly accelerate the mining of Ethereum-based cryptocurrencies, with calculation speeds (or hashrates, as they are known in the jargon) anywhere from five to ten times higher than a normal CPU from the same amount of electricity.
Even more unfortunately for gamers, who might buy one or two GPUs each at a time, mining syndicates use their purchasing power to buy up GPUs in bulk.
This, in turn, encourages scalpers to buy in bulk too, aiming to sell their “second hand” cards well above new retail prices when official supplies run out.
Nvidia decided to appease its many avid gaming fans – surely the company’s most loyal long-term GPU customers, given that they actually want graphics cards for doing graphics – by splitting its processor card line in two.
Mining XOR Gaming
As Nvidia said last year:
To address the specific needs of Ethereum mining, we’re announcing the NVIDIA CMP [Cryptocurrency Mining Processor] product line for professional mining. CMP products, which don’t do graphics, are [… ]optimized for the best mining performance and efficiency. They don’t meet the specifications required of a GeForce GPU and thus don’t impact the availability of GeForce GPUs to gamers.
The idea is that GeForce GPUs run at full speed if used for graphics, but if used for Ethereum mining are deliberately hobbled by Nvidia’s Lite Hash Rate system, or LHR for short.
Public opinion at the time of the announcement was sharply divided, as a quick look at the many comments on last year’s article will reveal.
Naked Security readers reacted in many ways.
A gamer called Trillian said, “Good on Nvidia!”
Others claimed this LHR behaviour was unfair because they used their GPU cards for a mix of gaming and mining (intermingled, intriguingly, with comments from readers who claimed those claims were made up).
And a commenter called J Riley Castine was even more critical, wanting to know, “How is such a move […] not a violation of anti-trust laws?”
Exit light, enter night
Well, it looks as though this year-old community divide over LHR has spilled over into outright cybercrime.
Popular technology website Tom’s Hardware, amongst numerous other commenters, is reporting that cybercrime gang Lapsus$ claims to have hacked Nvidia and stolen a terabyte’s worth of data…
…only to issue what amounts to an unusual ransomware demand: Remove the Lite Hash Rate limiter, or else!
According to an IM screenshot posted by Tom’s Hardware, the alleged hackers wrote:
Hello,
We decided to help mining and gaming community, we want nvidia to push an update for all 30 series firmware that remove every lhr limitations otherwise we will leak hw folder.
If they remove the lhr we will forget about hw folder (it’s a big folder) We both know lhr impact mining and gaming.
Thanks.
The hw folder (hw is short for “computer hardware”) alluded to above is the claimed 1TB of allegedly stolen data, apparently including card schematics, driver and firmware code, internal documentation, and more.
Ironically, in the same message thread, these hackers also claim to be selling their own “LHR unlocker” for some Nvidia cards, although the underground market for such a cracking tool would clearly evaporate if Nvidia were to remove the LHR restrictions for everyone.
Perhaps the alleged existence of this darkweb LHR unlocker is supposed to make Nvidia feel even more pressurised, on the grounds that an LHR bypass could be made public anyway, so the company might as well go along with the blackmail demand?
What to do?
It’s hard to know what to believe when messages of this sort start circulating.
Did the hackers actually get in to start with? Did they really manage to steal the information they’re claiming? Was this a conventional ransomware attack, aiming at both stealing and scrambling data for extra leverage? If so, and we therefore assume that the data scrambling part was thwarted, why should we believe any of the boasts in the messages? Do the crooks really have an LHR unlocker of their own to add to the drama?
We may never know the answers to these questions, but we can learn from the allegations anyway, which reiterate the importance of defence-in-depth.
Defence-in-depth not only involves multiple layers of proactive protection aimed at early threat detection and prevention, but ideally also needs ongoing threat assessment and response, in order to figure out what really happened if anomalies are detected.
As the self-styled Nvidia hackers say:
We were into nvidia systems for about a week, we fastly escalated to admin of a lot of systems. We grabbed 1TB of data.
Whether that’s is true or not in this case, it does describe the nature of many modern cyberattacks, which aren’t simply automated “smash, gran and run” sallies any more.
Modern cyberintrusions typically involve human-led network exploration, privilege escalation, and data exfiltration, often over an extended period.
Intruders with administrator powers often introduce backdoors along the way, or add extra network accounts for themselves, thus giving themselves a quiet and easy way back in next time…
…if you don’t take the trouble to seek-and-destroy the boobytraps they left behind this time.
Not enough time or staff?
Learn more about Sophos Managed Detection and Response:
24/7 threat hunting, detection, and response ▶
NoSoup4U
If I could write code that would enable mining, I would. I would sell it only to criminals, with an imbedded command to auto upload any coins to myself LOL
Eddie Stallard
But in most places there isn’t really anything illegal about buying bulk GPUs to mine with assuming you are buying them legally of course. Selling only to criminals would be a fairly small market i think.
Paul
Don’t give in to blackmail like that Nvidia! In fact, I hope Nvidia locks down every GPU it releases from now on, and keep getting better at it so the restrictions can’t be removed! GPU miners are the scum of the earth, buy damn ASICS if you want to mine crypto.
DudeSweet
As the name implies, ASICS are built for specific applications. Each currency is unique, and requires its own ASIC. In your world, if crytp blockchains were only being processed through ASICS, the world would need an ASIC for that currency before the currency existed…
And ASICS aren’t a miracle solution, either. They are often difficult to source just like GPUs, and while they offer exceptional efficiency for their currency, they are tethered to that currency. an Etherium ASIC can basically only mine Etherium (at least efficiently). Many small and large operations use GPUs despite less efficiency because they can adjust the currencies they mine dynamically based on current payouts. Removing that flexibility is a non-starter for many people and companies.
Easiest example- If you buy an Etherium ASIC and then Etherium (finally) moves to Proof of Stake, you now have a paperweight. If that were 3-5 GPUs instead, you mine other coins and at least remain profitable (theoretically).
Paul Ducklin
Or sell your GPUs to gamers on the second-hand market… perhaps even for more than you paid for them, depending on where you are in the supply-and-demand equation.
(This is one grievance often heard from gamers: the surreal demand from miners for top-end GPUs mean that miners essentially get to “lease” their GPUs for $0 if they can sell them after a year at full price, whereas gamers are perpetually left paying those “full price” sums to pick up processors with last year’s performance.)
Kyle
They’ve now released some stolen data and called it “part 1.” So they definitely have *something*.
Paul Ducklin
Apparently “they” have also let loose some stolen Nvidia code-signing certificates. Oh, dear. HSM, anyone?