Russian vacationer provided worker $1 million to cripple Tesla with malware



Tesla's Nevada Gigafactory was the target of a concerted conspiracy to cripple the company's network with malware, CEO Elon Musk confirmed on Thursday afternoon.

The draft plan was released on Tuesday in a criminal complaint accusing a Russian man of offering $ 1 million in exchange for the employee of a Nevada company identified only as "Company A" Employee who infects the company's network. The clerk reported the offer to Tesla and later worked with the FBI on a sting where he covertly recorded face-to-face meetings discussing the proposal.

"The purpose of the conspiracy was to recruit an employee of a company who would clandestinely transfer malware provided by the co-conspirators into the company's computer system, filter data out of the company network, and threaten to disclose the data online, unless that Company has paid the cost of ransom demand from the co-conspirators, ”the prosecutor wrote in the complaint.

Musk: "This was a heavy attack"

By Thursday afternoon, Company A's identity was uncertain, despite much Twitter speculation and several open source blog reports that Tesla's Nevada website was the target. In a tweet in response to one of the unconfirmed reports, Musk wrote, “Much appreciated. This was a severe attack. "

Much appreciated. This was a severe attack.

– Elon Musk (@elonmusk) August 27, 2020

The indictment filed in federal court in Nevada on Tuesday contained a sweeping and determined attempt to infect Company A's network. The 27-year-old defendant Egor Igorevich Kriuchkov allegedly traveled from Russia to Nevada and then met the nameless employee several times. When Kriuchkov's original bid of $ 500,000 failed to close the deal, the defendant doubled the offer, prosecutors said.

Eating, drinking and drinking

According to the complaint, Kriuchkov tasted, ate and drank the employee and had conversations in cars while discussing particularly sensitive details. When FBI agents were unable to conduct physical surveillance in restaurants or bars, the agent recorded them.

An alleged meeting took place on August 7th in a car rented by Kriuchkov. The public prosecutor named the employee CHS1 – short for confidential human source No. 1 – and described him as follows:

During this meeting, which the FBI consensually recorded, KRIUCHKOV reiterated some details of the criminal activities previously suggested to CHS1. KRIUCHKOV described the malware attack as before, adding that the first part of the attack (DDoS attack) would be successful for the "group", but the victim company's security officers believed the attack had failed. KRIUCHKOV again listed previous companies that the "group" had targeted. KRIUCHKOV stated that each of these target companies had one person employed by the companies that installed malware on behalf of the "group". To allay CHS1 concerns about being caught, KRIUCHKOV claimed that the oldest “project” the “group” worked on took place three and a half years ago, and that the “group” co-op was still working for the company . KRIUCHKOV informed CHS1 that the "group" had technical staff who would ensure that the malware could not be traced back to CHS1. In fact, KRIUCHKOV claimed the group could attribute the attack to someone else at victim company A in case there was someone who wanted to teach CHS1 a lesson.

During the meeting, CHS1 expressed how concerned and stressed CHS1 had been about the request. CHS1 stated that if CHS1 agreed to install the malware, CHS1 would need more money. KRIUCHKOV asked how much, and CHS1 replied with $ 1,000,000. KRIUCHKOV agreed to the request and said he understood but had to contact the "group" before accepting the request. KRIUCHKOV confided that the "group" KRIUCHKOV paid $ 500,000 for his participation in CHS1's installation of the malware, and he agreed to give CHS1 a significant portion of the payment ($ 300,000 to $ 450,000) in order to to encourage its participation.

CHS1 said CHS1 would need money upfront to ensure that KRIUCHKOV would not install the software and then not pay him. Again, KRIUCHKOV asked how much, and CHS1 replied with $ 50,000. KRIUCHKOV said this was an acceptable amount and a reasonable request, but he needed to work on it because he only had $ 10,000 on him due to U.S. tariff restrictions on the amount of money he could bring into the country. KRIUCHKOV also asked what would prevent CHS1 from taking the pre-payment and not continuing to install the malware. CHS1 stated that CHS1 was certain that KRIUCHKOV or the "group" would find a way to leverage CHS1 to ensure that CHS1 upholds its end of the agreement. CHS1 and KRIUCHKOV discussed the timing of the next meeting, and KRIUCHKOV said he would return to Reno on or about August 17, 2020.

Absolutely crazy

Aside from targeting a legendary automaker, the plot is noteworthy for other reasons. One thing is his boldness and ruthlessness. Security researcher and reformed teenage cybercrime hacker Marcus Hutchins commented on Twitter, “One of the benefits of cybercrime is that criminals don't have to expose themselves to unnecessary risk by doing their business in person. It is absolutely insane to fly to US jurisdiction to manually install malware on a company's network. "

One of the advantages of cybercrime is that criminals do not have to expose themselves to unnecessary risk by doing their business in person. It is absolutely insane to fly to US jurisdiction to manually install malware on a company's network.

– MalwareTech (@MalwareTechBlog) August 27, 2020

One terrifying observation from Craig Williams, director of public relations for Cisco's security arm, Talos Labs, was what could have happened if the conspiracy had succeeded.

"This calls into question the added risk if the system responsible for your self-driving car comes under the control of an attacker – through a malicious insider or otherwise," he wrote. "The whole thing is extremely exciting and worrying."

I assume this means that my assumption was correct. This calls into question the added risk if the system in charge of your self-driving car comes under the control of an attacker – through a malicious insider or otherwise. The whole thing is extremely exciting and worrying.[19459002 lightboxes— Craig Williams (@security_craig) August 28, 2020
Musk did not respond to his two-part Twitter confirmation and Tesla representatives did not respond to an email asking for a comment on the post.

The plot and its characters – full of bad guys, heroes and whatever musk is – make for an interesting backstory and possibly a dramatic TV reenactment. For now, readers will have to be content with additional reading in the coverage of the complaint on Wednesday.


Please enter your comment!
Please enter your name here