Hacker News new | past | comments | ask | show | jobs | submit login

I wonder how professional these criminals are. A crime syndicate would silently ask for money. This seems either a false flag operation for a group wanting something else, or much more likely a kid playing around and finding an unlocked door.

That last case, a kid pissing of a powerfull entity with a crime, generally does not end well for the kid.

I don't see NVidia publicly giving in and loosing face, so there seems no upside either for the criminal.




So you think nVidia will want to see the release of all of its chip schematics? That's an interesting position, but I fail to see how that would be a good idea for them. Perhaps if they are hoping the hackers will be apprehended before Friday.


It's a standard rock vs hard place situation. But

1) why should nVidia trust the attackers? nVdia might give in, and the files might still be leaked. The attackers should be able to guarantee they won't release the files AND nobody steals the files from them. Hard sell for the attackers, especially with a kid profile .

2) These files are legally toxic. You can't look at them and then publicly act on their content. So anything a third party can do has to happen at arm's length, parallel construction style. This also goes for open source devs, who can't permit nouveau gettibg kicked out of the legal repositories.

3)It is well possible the leak is not as damaging as it looks. People in the industry swap jobs all the time, and take knowledge with them. People accidentally do small leaks all the time, being sloppy with data entrusted to them. It seems reasonable for other big organizations to already have some level of knowledge of the content.

On the other side of the coin is the fully legal loss of control of their software. They also open themselves up to future ransomers ('Danegeld').

I'm not saying high level people at nVidia aren't swearing loudly right now, but a 'let the chips fall as they may' response seems most likely to me, especially combined with a 'we'll very publicly sue the attackers in the ground, as an example for all wannabes' response.


> 1) why should nVidia trust the attackers? nVdia might give in, and the files might still be leaked.

They might, but they will surely be released if they choose to ignore the attackers. Given the choices between a bad outcome happening potentially and surely, which one would you choose?

> 3)It is well possible the leak is not as damaging as it looks. People in the industry swap jobs all the time, and take knowledge with them. People accidentally do small leaks all the time, being sloppy with data entrusted to them. It seems reasonable for other big organizations to already have some level of knowledge of the content.

I still fail to see the logic. Assuming the attackers are honest, the choice is between: a) drivers public b) everything (which includes drivers) public

Option a) garners significant sympathy. What is the incentive to choose b)?

> They also open themselves up to future ransomers ('Danegeld').

This is the only argument that makes a bit of sense to me.

> especially combined with a 'we'll very publicly sue the attackers in the ground, as an example for all wannabes' response.

That can only happen if they are caught.


> These files are legally toxic. You can't look at them and then publicly act on their content

I keep reading this, but is this just a US issue? I assume people in other countries can look and clone these?

Given close to half the worlds population live in India and China, and the US make up < 5% of the worlds population, this doesn't seem like a big concern.


What's to stop the group from releasing them anyway? What happens to the files on the hacker's drive - surely the hackers won't delete the files? That would give up the leverage they have. If the files are out there, they could even be leaked by accident (hacker loses laptop, drama in hacker group causes member to rebel, rival group hacks this group, etc)

Risk-wise, I think nVidia has no choice here. They should assume the Verilog source will eventually be made available. The only question is whether the time between now and then is valuable enough to give in to the demands.


There is no guarantee that the complete archive won't at some point be released, that is true, but there is a sizeable, reasonable chance. The alternative is that they are definitely released.

Given this, what is the game theoretical reason for nVidia not to even try preventing the release of the complete archive? I think there is none: they should release the drivers as open source and try to contain the damage.


They won't want to, but I suspect they would prefer it to the actions demanded by the ransom.

Nobody legitimate can do anything with the released information if the hackers leak it. It's a huge patent red flag. They could with the drivers open sourced.


NVIDIA could have violated some patents with their design themselves (even unknowingly). There are legitimate reasons why NVIDIA wouldn't want the leak to happen, even if other companies likely wouldn't touch it.


I doubt China would have any qualms using the information


If you're in certain countries you can't do anything with the leaked information officially. But you can still look at it and learn from it without telling anyone. As long as you conceal the trail, which shouldn't be that hard, you're good to use it.

On top of that, there's the issue of potentially violating patents the other poster raised.

I'd say those are pretty good arguments for nVidia to try to prevent this scenario.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: