AMD Uses DMCA to Mitigate Massive GPU Source Code Leak (Updated)

[Matrix]

 

AMD has filed at least two DMCA notices against Github repos that carried "stolen" source code relating to AMD's Navi and Arden GPUs, the latter being the processor for the upcoming Xbox Series X. The person claiming responsibility for the leak informs TorrentFreak that if they doesn't get a buyer for the remainder of the code, they will dump the whole lot online.

 

Graphics cards are big business and AMD is one of the leading brands with an estimated 32% share of the discrete desktop market.

 

In July 2019, to celebrate its 50th anniversary, AMD released its Radeon RX 5000 series powered by ‘Navi’ GPUs (Graphics Processing Unit). The source code for these devices is extremely sensitive and considered secret but perhaps not for much longer.

 

This week rumors began to circulate that an unnamed individual had somehow obtained the source for Navi 10, Navi 21 and Arden devices, the latter representing the rumored GPU for the yet-to-be-released Xbox Series X. Confirming whether such leaks are genuine is difficult but yesterday AMD took action which tends to support the theory.

 

In a DMCA notice sent to development platform Github, AMD identified the recently-created ‘xxXsoullessXxx’ repository and a project titled “AMD-navi-GPU-HARDWARE-SOURCE” as the location of its “stolen” intellectual property.

 

“This repository contains intellectual property owned by and stolen from AMD,” the semiconductor company wrote. “The original IP is held privately and was stolen from AMD.”

 

 

Github responded by immediately taking the repository down, as per AMD’s request. That prompted us to try and find the person behind the repo and to ask some questions about what AMD was trying to suppress. The individual informed TorrentFreak that AMD’s GPU source code was the content in question. (Responses edited for clarity)

 

“In November 2019, I found AMD Navi GPU hardware source codes in a hacked computer,” the person explained. “The user didn’t take any effective action against the leak of the codes.”

 

Questioned further on the route of extraction, we were told that a combination of factors led to the leak.

 

“The source code was unexpectedly achieved from an unprotected computer//server through some exploits. I later found out about the files inside it. They weren’t even protected properly or even encrypted with anything which is just sad.”

 

The individual, who claims to be female, told us that the package included code for Navi 10 and Navi 21 devices. She also confirmed that the source for the Xbox Series X GPU ‘Arden’ was part of the haul.

 

When asked whether the person had spoken to AMD about the leak, the answer was negative.

 

“I haven’t spoken to AMD about it because I am pretty sure that instead of accepting their mistake and moving on, they will try to sue me. So why not just leak it to everyone?” we were told.

 

The alleged leaker further told us that one “source code packet” had already been released. Whether that is limited to the material made available via Github remains unclear but TF was able to find links to a file-hosting site where an archive claiming to be the content was stored. Given the potentially criminal route via which the content was obtained, we did not download the package.

 

That AMD is concerned about the leak was underlined once again late yesterday. Having indicated in its initial complaint to Github that the source couldn’t be found anywhere else, the company later backtracked, identifying at least four other locations on Github where the project had been forked. All of those repos have been taken down.

 

While taking down the repositories is a logical first step for AMD, the gravity of this leak is hard to underestimate. The claimed hacker told TF that she valued the source at $100m but how that calculation was arrived at is unknown. While AMD considers its next steps, an even bigger storm may be heading the company’s way.

 

“If I get no buyer I will just leak everything,” the leaker concluded, adding that the files would be secured with passwords that will only be handed out to select individuals.

 

Update: Statement from AMD

 

At AMD, data security and the protection of our intellectual property are a priority. In December 2019, we were contacted by someone who claimed to have test files related to a subset of our current and future graphics products, some of which were recently posted online, but have since been taken down.

 

While we are aware the perpetrator has additional files that have not been made public, we believe the stolen graphics IP is not core to the competitiveness or security of our graphics products. We are not aware of the perpetrator possessing any other AMD IP.

 

We are working closely with law enforcement officials and other experts as a part of an ongoing criminal investigation.

 

Source

[Matrix]

Source code for AMD's upcoming graphics products has been swiped

Including code for the Xbox Series X's 'Arden' GPU 

Why it matters: Tech companies hate seeing their latest projects leak early, but it's an unfortunate reality in this fast-moving age of instant information and unprecedented security breaches. AMD learned that the hard way recently after a hacker got her hands on the source code for some of AMD's upcoming graphics products.

AMD announced this data breach earlier today, claiming that it was first notified of the incident back in December. The company says the hacker in question reached out to them directly, but the individual -- a female who spoke to TorrentFreak anonymously -- disputes this statement. She says that she never had any direct contact with AMD for fear of being sued.

 

The graphics products that the hacker managed to gain the source code for include Navi 10, Navi 21, and Arden devices, which cover current-gen, next-gen, and Xbox Series X GPUs, respectively. Some of the source code was uploaded to GitHub, but it was swiftly taken down on AMD's request.

 

 

The code was obtained from an "unexpectedly" unprotected computer, the hacker told TorrentFreak, and it lacked any "proper" encryption. She went on to note that she feels the stolen source code could be valued at "$100m," but that's obviously quite difficult to verify.

 

As you'd expect, AMD is concerned about this breach, and notes that the hacker likely has other files that have not yet been made public. However, it insists that the stolen graphics code is "not core" to the competitiveness or security of its graphics products. Furthermore, the hardware maker is "working closely" with law enforcement officials to track down the hacker and bring them to justice.

 

Whether or not these endeavors will be successful remains to be seen -- tech-savvy hackers can be quite elusive when they want to be.

 

Source