By on August 28, 2020

A criminal complaint filed this week details a very Cold War-like plot to cripple Tesla from the inside. Federal prosecutors and the automaker claim a Russian “tourist” attempted to coerce an employee of Tesla’s Nevada Gigafactory to infect the company’s system with malware, and in doing so receive a payment of $1 million.

The employee reportedly turned down the offer and squealed on the so-called tourist, leading to an FBI sting operation — as well as this week’s criminal complaint.

As reported by Ars Technica, the criminal complaint filed Tuesday claims Egor Igorevich Kriuchkov traveled from Russia and met up with an unnamed employee of the Gigafactory, initially offering $500,000 for the malware job.

“The purpose of the conspiracy was to recruit an employee of a company to surreptitiously transmit malware provided by the coconspirators into the company’s computer system, exfiltrate data from the company’s network, and threaten to disclose the data online unless the company paid the coconspirators’ ransom demand,” the complaint reads.

Prosecutors claim Kriuchkov plied the employee with booze and chose to discuss the most sensitive matters pertaining to the plot while inside a rented car. While the complaint only lists the chosen target as “Company A,” Tesla CEO Elon Musk confirmed via Twitter on Thursday that his company was that target, calling it “a serious attack.”

According to an audio recording made by the employee, the defendant claimed to be working for a “group” that supplied the money.

Industrial espionage is nothing new, but the connected, perhaps overly technical world we live in makes cyber attacks all the more damaging. There’s also an open question of exactly what kind of damage a malware attack on Tesla’s digital infrastructure could yield. Could it have placed Tesla drivers — especially those who make use of the automaker’s Autopilot driver-assist system — in harm’s way? Tesla and Musk aren’t saying.


21 Comments on “From Russia, With Malware? Tesla Thwarts Cyber Attack...”


  • Art Vandelay

    In what department did the target work? It is seriously doubtful that just anyone’s desktop workstation would have access to the systems that actually push OTA updates to the vehicles or host firmware for stuff on the production line. Nobody waves that sort of money in front of someone they have simply selected at random. Doesn’t really reek of any of their “official” actors’ tactics so probably just criminals but then again, there are way easier and cheaper ways to accomplish this sort of thing (Never conducted a Phish that I didn’t get multiple clicks). Could be a really interesting story depending on this target’s role.

    Incidentally, in the vehicle security world, a Tesla is a very hard target. Knowing what I know of their update process, there isn’t much chance of any of this affecting the vehicles. Seems like people just trying to extort money and not being especially skilled at the task. I’d be shocked if this was a Russian Government backed entity.

    • Vulpine

      @Art Vandelay: There are a few other articles out that gave a little more detail, though didn’t name Tesla specifically. Reportedly, they wanted to install ransomware into the corporate network so they could steal customer records, etc. and extort a few millions (hundreds of millions?) in cash from them.

      • Art Vandelay

        @vulpine that’s what I figured, and in this case you’d have a pretty specific target as they’d have to be able to do some high level tasks…I assume Tesla has solid host based stuff in place and you can’t just run around installing random stuff so you’d need someone to deactivate some stuff network wide. If one individual is able to do that (they likely aren’t because Tesla has yet to get popped at that level and you know people have tried), then that person is likely very well paid.

        I haven’t read anything in depth though but these sorts of attacks require sloppy administration and Tesla seems to get stuff like that correct.

    • slavuta

      Could easily be a false flag.

      • Vulpine

        @slavuta: Unlikely in this case… this whole thing took place over the course of a couple months, starting back in June, and the ‘contact’s’ first appearance was roughly three years ago… I believe in either Russia or the Ukraine.

  • Rocket

    Troubling for sure, but it’s good to know that Tesla’s security is such that it was necessary to recruit an insider. Still, can we count on all employees doing the right thing when such a generous carrot is dangled?

    • Art Vandelay

      No, you never can count on that. That is why you set up access so that no one person has the keys to the kingdom. Due care and diligence. I don’t know if Tesla does it on corporate networks, but they certainly do on the vehicle systems so I’d imagine they do OK on that front.

  • ajla

    They should have sent an attractive lady instead of some guy named Egor.

    • Lou_BC

      @ajla – I guess Lev and Igor have nothing better to do right now?

      You are correct though, some hot chick with large hooters might have been more effective in “loosening up” some techno-geek’s system passwords.

  • Lou_BC

    To quote Boney M, “Oh, those Russians”

  • SCE to AUX

    “One meeleeon dollars!”

  • slavuta

    That day my father and I relaxed on the bench in the park while enjoying the British air of freedom. Suddenly our attention was drawn to a man who was coming towards us from the other side of the alley. Something was strange about him. Possibly T-shirt with letters FSB on the chest, possibly gas mask, but may be – a hat with the ear flaps. In his hand he had an aerosol canister, like the one from deodorant, which had a label – “Gas. Novichok. Liquid for neutralizing of traitors”. When he came really close, he said, “Putin has sent you a message, rat!” and sprayed aerosol liquid straight into my father’s face. We started having shortness of breath and man in a gas mask started to sing Russian Federation anthem. But he couldn’t finish. We’ve heard a honk from the standing van and a yell – “Dmitry, quick, I am being late for meeting with Trump”. A man in the mask yelled back – “ok, ok, Vladimir Vladimirovich” and quickly retreated towards the van.

    • Lou_BC

      Wow, that must have been really traumatizing. A brush with “Vlad the sprayer”.

    • Old_WRX

      Saw the biggest bumper sticker I’ve ever seen, yesterday. It said “I Hope the Russians Trick Me Into Voting for Trump Again.”

      The whole situation with constant escalation of computing device security is a bit terrifying. There is no reason to assume that the hackers will ever stop upping the sophistication of their game. Which of course means that the defensive efforts can never stop. What this will look like twenty years from now…

      • Lou_BC

        @Old_WRX – From what I’ve read, most anti-hacking/anti-virus/malware software functions on “blacklists”. If a new threat is discovered it gets added to the software firewall. The “list” gets longer and longer. Some experts state that a better approach would be for companies to use only “whitelists” i.e. their computers will only communicate with other computers hosting the same security algorithms. I’m not sure how it works but sounds better than chasing down never ending new threats.

        • Art Vandelay

          Most large companies whitelist now. I’d be shocked if Tesla doesn’t. Even the government manages to implement it. Application blacklisting is fairly useless.

  • avatar

    It is another reason to defund FBI. FBI agents must be kinder and more caring about poor people. Poor Egor was just trying to do his job and feed his family.
