You couldn’t make it up. Russian hacker arrested for offering Tesla worker $1 million to install specially designed malware onto car maker’s systems
Elon Musk has confirmed that Tesla was targeted in a ‘serious attack’ by a Russian hacker who attempted to bribe an employee to install specially designed malware.
US authorities this week arrested and charged a Russian national, Egor Igorevich Kriuchkov, who is accused of conspiring to breach the network of an unnamed US company and introduce malware to compromise the company’s networks.
Elon Musk then confirmed that it was Tesla that had been targeted, when he tweeted a reply to an article about the attempted cyberattack.
“Tesla employee turns down $1 million, works with FBI, and helps thwart a planned cybersecurity attack on Giga Nevada,” tweeted Teslarati.
“Much appreciated. This was a serious attack,” Musk replied in a tweet.
So what exactly happened?
Well, it seems the story is something out of the pages of a spy novel.
In July, a Russian-speaking, non-US citizen working at Tesla’s Gigafactory Nevada was contacted by 27-year-old Kriuchkov via WhatsApp, asking to meet up.
The two had previously met up in 2016.
The unidentified Tesla staffer reportedly has access to the electric car maker’s computer networks.
Kriuchkov claimed he was travelling to the US for a holiday, and the two arranged to meet on a number of occasions, which included a trip to Lake Tahoe.
After that Lake Tahoe visit, Kriuchkov asked the Tesla employee to meet with him for some “business.”
During that ‘business’ meeting, Kriuchkov apparently took both men’s mobile phones and moved them out of earshot. Kriuchkov explained he worked for a Russian-based hacking group, and they wanted the Tesla staffer to install specially designed malware into Tesla’s internal network.
Kriuchkov then told the staffer that once the malware was installed, a distributed denial of service (DDoS) attack would take place to occupy the attention of the Tesla security team.
This would then allow the hackers to steal corporate data and hold it to ransom until the electric car maker paid up.
Kriuchkov offered the Tesla employee $500,000, which was later raised to $1 million, to be paid in cash or bitcoin.
But unbeknown to Kriuchkov and his hacking buddies, the employee actually reported the planned cybersecurity attack directly to Tesla.
Tesla in turn contacted the FBI, and a sting operation began, with the Tesla employee continuing to communicate with Kriuchkov, trying to get as much information as possible about the hackers’ processes, procedures, and infrastructure.
Kriuchkov reportedly boasted that his hacking team had recently received a ransom worth over $4 million from a high-profile company.
Media reports have identified this company as CWT Travel, which according to Reuters paid a ransom of $4.5 million to hackers.
Kriuchkov was arrested as he tried to leave the United States, and now faces up to five years behind bars if found guilty.
A security expert has warned that this case demonstrates the need for organisations to beware of the insider threat: someone who is able to gain physical access to internal systems.
“Some of the biggest threats come from physical access to a network, and the insider threat can be extremely difficult to protect against,” said Jake Moore, cybersecurity specialist at ESET.
“Employees with knowledge coupled with access can be extremely dangerous and create far more problems than external attacks, which highlights the importance of limiting user privileges where possible,” said Moore.
“However, this attack seems to have cleverly just required user rights to place a file on the network – something most employees would have been able to achieve without any alarm bells ringing,” said Moore.
“Whether via a disgruntled employee or through cleverly directed social engineering, this can have devastating consequences,” he concluded. “Although highly unlikely to happen often, awareness and education for all employees is the best defence in mitigating against this sort of bribery.”