There’s been some exciting skulduggery going on with Tesla, and I’m not even exaggerating things just so I could finally use the word “skulduggery” in a post. In fact, I think it’s been a solid decade since that word was last used here. But I think it’s justified in the case of a Tesla employee who was offered a million-dollar bribe to introduce malware into Tesla’s Nevada Gigafactory computer networks.
The offer came from a Russian operative of a criminal organisation who was posing as a tourist. The fake tourist was 27-year-old Egor Igorevich Kriuchkov, who reached out to a Russian-speaking, non-U.S. citizen employee of Tesla in mid-July. Kriuchkov had some contact with the Tesla employee back in 2016, according to the FBI’s legal complaint describing the incident.
Kriuchkov arranged to meet with the employee under the pretense of a visit to California and stated he’d be willing to come to Nevada to visit the Tesla employee.
Kriuchkov met with the employee and some of the employee’s friends in Lake Tahoe, where Kriuchkov generously paid for food and plenty of booze and generally had a good time with the group, though he was reluctant to take any pictures with his new friends.
As the FBI’s complaint explains (CHS1 refers to “Confidential Human Source,” or, as we’d call him, the Tesla employee):
CHS1 noted to agents that, during these excursions, KRIUCHKOV expressed a desire not to be in any photos. For instance, CHS1 reported that, while they were at Lake Tahoe, there was a beautiful sunset, and KRIUCHKOV was resistant to posing with the group. KRIUCHKOV stated he would just remember the beauty of the sunset and did not need a photograph. Eventually, KRIUCHKOV reluctantly agreed to pose with the group. CHS1 also reported CHS1 could not remember KRIUCHKOV using his own phone to take any pictures. Through my training and experience, I know that individuals involved in criminal activity often take efforts not to leave evidence about their locations, including avoiding surveillance cameras and not taking photographs.
CHS1 also noted to agents that KRIUCHKOV paid for all the group’s activities during the trips to Emerald Pools and Lake Tahoe. CHS1 reported that KRIUCHKOV claimed he had gambled at the hotel and had won some money. KRIUCHKOV stated he wanted to use that money to pay for the expenses incurred by his hosts. Through my training and experience I know individuals involved in intelligence collection and/or criminal activity often spend extravagantly on individuals they are attempting to recruit and/or co-opt for participation in criminal activity.
Later, Kriuchkov approached the employee alone and explained that he worked for a “group” that undertook “special projects,” and for this special project he’d need the employee’s help. The special project he had in mind was infecting the Tesla Gigafactory’s computer networks with a custom-developed bit of malware, for which they would need the employee to gain access to the network for installation.
After initially offering $US500,000 ($676,550), Kriuchkov eventually upped the ante to $US1 million ($1.4 million). And, since I know you’re already thinking it, let’s just get this out of the way now:
Feel better? I do.
There’s also a slightly more sinister element here: when the Tesla employee expressed concerns about the malware being traced to him, Kriuchkov responded that his organisation could
“…attribute the attack to another person at Victim Company A [Tesla], should there be ‘someone in mind CHS1 wants to teach a lesson.’”
The malware in question would have first performed a denial-of-service attack as a distraction for Tesla’s cybersecurity team, while a following stage of the attack would pull sensitive data from the network, which would later be ransomed back to Tesla by Kriuchkov’s organisation. Similar attacks by the organisation on other companies were said to have pulled ransoms between $US4 million ($5 million) and $US6 million ($8 million).
We know about this because the employee did not take that bribe and instead reported what happened to security at Tesla, who reached out to the FBI, who worked with the employee to help catch Kriuchkov. The employee wore a wire in meetings where he attempted to get as much information as possible.
The information gathered gave the FBI enough cause to arrest Kriuchkov on August 22 as he was attempting to return to Russia from Los Angeles.
The fact that Kriuchkov was even in America to attempt this ambitious bit of cybercrime is unusual; normally, the appeal of cybercrime is that it doesn’t involve travel at all — usually attacks like this are attempted remotely, from the safety of being half a world away.
Former hackers have noted this strange situation:
Wow, so turns out the Russian who was arrested in the US after meeting an unnamed company employee in person, offering them $1m in return for installing malware on their employer's network was targeting Tesla's Gigafactory. https://t.co/bwOhuegWGq https://t.co/BedmqGJ5Af
— MalwareTech (@MalwareTechBlog) August 27, 2020
And, as you can see in the reply to that tweet, Elon himself weighed in to confirm the attempted attack and that it was indeed “serious.”
As long as there are computers, there will be hackers attempting to infiltrate those machines. While this appeared to just be a data hijacking and ransom attempt, with modern cars, especially Teslas that incorporate advanced Level 2 semi-autonomous features, there’s a potential for malware and hackers to cause even greater damage.
Luckily, this time Tesla had a loyal employee who wasn’t swayed by greed and who did the right thing. I hope Elon gives him a new Model 3 or something, at least; he saved the company from what would have been a colossal problem.