Friday, August 28, 2020


Tesla employee bribed with US$1 million helps FBI arrest Russian hackers

Hackers' scheme to hold Tesla's private data for ransom exposed by contact

by DAVID BOOTH | 14 HOURS AGO




The dashboard interior of the semi-autonomous 2018 Tesla Model 3, Tuesday, April, 2018, at the Consumer Reports Auto Test Track in Colchester, Conn.


There are, it seems, people better than you and me. To wit—

According to Clearance Job, a recruiting agency out of Urbandale, Iowa, that specializes in employees with American federal government security clearances, a Tesla employee turned down an offer of US$1 million to help some Russian hackers infiltrate the company’s computer system.

It all started mid-July when Egor Igorevich Kriuchkov, a 27-year-old citizen of Russia in the United States on a travel visa, contacted a Russian-speaking foreign national – the name of the employee has not been divulged – working in Sparks, Nevada. Along the way, the employee was wined, dined and then provided with – shades of CSI – a burner phone for secret communications.


The plan, according to the U.S. Department of Justice, was to get the employee “to introduce malware – i.e., malicious software programs designed to damage or do other unwanted actions on a computer system – into the company’s computer network” that would allow Kriuchkov and his co-conspirators access to the company’s system, letting them download data and threaten to make it public. In other words, a typical ransomware scam.

Instead, the employee went directly to Tesla, who subsequently alerted the FBI. Wearing a wire – are we sure this isn’t going to be made into a movie? – the employee was able to record their interactions with Kriuchkov, and on August 22, Kriuchkov was arrested as he attempted to flee from the Los Angeles airport. He was charged, according to the American DOJ, with “one count of conspiracy to intentionally cause damage to a protected computer.”


What’s possibly most interesting about this subterfuge is that despite all the hoopla about susceptibility of automobile companies to over-the-air hacking, this is yet another “denial of service” exploit that (would have) required hands-on intervention to succeed. Like the famous case of Jeep hacking by Charlie Miller and Chris Valasek, Kriuchkov needed a physical connection to the main computer before he could start spoofing the network.

I’m not enough of a computer geek to know whether that is comforting at all, but I can say it frightens the h-e-double-hockey-sticks out of me to know the safety of our networks may depend on people being righteous enough to turn down a million-dollar bribe.
