A Samsung Galaxy Fold smartphone. Sofie Brandt/PSU Vanguard

A closer look into Samsung and Nvidia’s recent hacks

A mysterious new hacker group with unknown motivations has arisen

One word differentiates the paranoid from the conscientious when it comes to cybersecurity—why. Ads from companies like Norton love to explain how their products protect users from hackers, viruses and other online threats. Hackers could steal your data, install malware on your phone and even spy on you!


While there should always be a certain level of cyber-hygiene, it’s important to think about what companies would want with your data. Why would they install malware on your phone for no reason? 


Chances are that hackers will have little-to-no vested interest in you. Rather, hackers are often motivated by four things—money, activism, information and sabotage. 


Money is the most common reason behind hacking incidents, from small-scale actions like stealing credit card data to larger attacks such as locking down an entire business network. Ransomware is the most common form—groups such as REvil infect computers to make them unusable until the hackers are paid a fee.


When hackers disrupt a business, group or individual in order to prove a point—for social justice—it is often called hacktivism. While much more prevalent in the ‘90s and the early ‘00s with the rise of Anonymous, a good modern-day example would be the Parler hack that occurred Jan. 12, 2021.


A hacker group had successfully gathered the entire database—dozens of terabytes—of users who had used the app, known for being a breeding ground for disinformation and hate speech. This information was then posted online in hopes of supporting investigations of the Jan. 6 insurrection.


Things get more frightening when hackers are looking to steal information—or to sabotage people, systems or governments. These kinds of attacks are rarely carried out by independent organizations, but rather by nation-states with millions of dollars of funding. Individuals, no matter how skilled, simply do not have the kind of equipment or knowledge necessary to break through such intricate systems.


Hacks conducted over the past couple of weeks by the hacker group known as Lapsus$ are particularly bizarre, confusing and ultimately far more concerning than what the victims may mention publicly.


On Feb. 23, Nvidia was hacked immediately after the Ukraine invasion. More than one terabyte (1TB) of data was stolen from the corporate network—with Lapsus$ threatening to expose the entire registry of credentials and data by March 4 if the company did not comply. It has been confirmed that Lapsus$ has indeed held true to their threats, with the credentials being used to install malware inside the company’s own systems. 


What was their demand?


Allow the company’s graphics cards to mine cryptocurrency faster—or face the consequences. 


In Feb. 2021, Nvidia announced its graphics cards (GPUs) would have a crypto-mining cap, known as LHR, or Lite Hash Rate. It tells the GPU to go slower if it’s trying to mine any digital currencies, with the intention of driving down demand for graphics cards. The cap would place more of the company’s products in the hands of everyday people, instead of scalpers and millionaires setting up a mining warehouse. 


This cap gave Nvidia some unexpected enemies. 


On March 7, Lapsus$ had purportedly shown off over 200GB worth of data stolen from Samsung’s headquarters in South Korea. This data wasn’t a list of credentials or accounts, but the source code to Samsung Galaxy devices—more specifically, the biometric and encryption programs Galaxy phones use to lock and unlock themselves. 


If these hacks appear to be separate from the motivations listed earlier, that’s because they are. Or rather, they appear to be.


In a post on The Hacker News, Sasha Gohman described the first step of planning an attack. Knowing what platforms, technologies and operating systems will be targeted is essential, so that hackers can develop and find tools that specifically break into those devices.  


Unfortunately, the best way to build tools that can break into a device is to look at the source code of the device itself, so what makes Lapsus$ frightening is not what they’ve already done, but rather what they haven’t done.


We don’t know exactly who Lapsus$ is. They could be a nation-state, a group of independent, seasoned hackers or some emerging hacktivist organization. We also don’t know why they want Samsung’s source code or the LHR lifted on GPUs.


What we do know is that they stole data used to change the locks on very specific devices, but they kept it internally within the group instead of releasing it to the public. With that kind of data, hackers can effortlessly develop tools to break into Samsung Galaxy phones if need be. The question then becomes the most important one of all—why?