Often the events that transpire inside an organization may be as thrilling and nail-biting as the most famous fictional thrillers. Such a scenario recently played out in Tesla’s case when a worker in Gigafactory Nevada ended up turning down an offer of $1 million, working closely with the FBI, and thwarting a proposed cybersecurity attack against the electric car manufacturer.
The Department of Justice this Tuesday confirmed the arrest of Egor Igorevich Kriuchkov, a Russian citizen accused of plotting to crack a US company’s network and install malware to hack the networks of the same company. Media reports have described the U.S. corporation as the Tesla electric car manufacturer. Interestingly enough, a criminal complaint lodged by the FBI Las Vegas Field Office indicates that the alleged cybersecurity attack is no ordinary hacking attempt — it could very well be part of a well-funded, coordinated, scheme.
The Plan Begins
The remarkable story started when Kriuchkov approached a Russian-speaking, non-US citizen who was working at Tesla’s Gigafactory Nevada. The employee, whose name is not known, has access to computer networks of the electric car manufacturer. The Russian citizen contacted the Giga Nevada employee via WhatsApp on July 16th, asking to meet him in Sparks, Nevada. As noted in a study from Clearance Jobs, the fact that Kriuchkov approached a Russian-speaking, non-US citizen working at Gigafactory Nevada indicates that their research was well performed by the team behind the cyber-attack.
The Tesla employee, several friends, and Kriuchkov met socially from August 1-3, including a trip to Lake Tahoe. Interestingly enough, Kriuchkov has reportedly refused to be present on any pictures taken during the journey. At one point when the group took a photo during a picturesque sunset, Kriuchkov reportedly remarked that he would “just remember the beauty of the sunset and did not need a photograph.” After the fairly harmless trip to Lake Tahoe, the Russian citizen asked the Tesla employee to meet him for some “business.”
Down To “Business”
Kriuchkov revealed his hand during their “business” meeting. The scheme included the introduction of malware given by Tesla employee Kriuchkov and his associates into the systems of the electric car manufacturer. A distributed denial of service (DDoS) attack will occur after the malware is installed which could allow the hackers to dominate the Tesla Information Security Team. The malware will also allow the hackers to steal corporate and network data, which would hold ransom until the electric car maker pays up. The Gigafactory Nevada employee will receive $500,000 for his role in the scam, later increased to $1 million, payable in cash or bitcoin.
Unfortunately for Kriuchkov and his team, the Giga Nevada employee actually reported the planned cybersecurity attack on Tesla, which, in turn, contacted the FBI. The FBI stepped in, and the Tesla employee started to interact with Kriuchkov with the help of the department, trying to get as much information as possible about the systems, procedures and infrastructure of the hackers. The efforts proved successful. In one conversation, the hacker allegedly boasted that a high-profile corporation recently offered his team a ransom worth more than $4 million. Leaks later would disclose that the business involved was CWT Travel, which allegedly charged a $4.5 million ransom.
The Plan Falls Through
The Tesla employee, wearing an FBI wire, met with Kriuchkov during a meeting on August 19th. The hacker agreed to pay the Giga Nevada worker $11,000 in advance. Two days later, on August 21st, the hacker again contacted the Tesla employee, who claimed that the project was being “delayed” and that all payments related to the program would not be transferred until a later date. Kriuchkov also informed the Tesla employee that he was leaving the area the following day. The FBI was able to get in contact with the hacker behind the scenes, who turned up overnight from Reno, Nevada to Los Angeles in what seemed to be an effort to escape the United States.
Kriuchkov was unsuccessful, having been detained in Los Angeles on August 22, 2020. Currently, the hacker is in jail awaiting trial. Fortunately for Tesla, the company was able to get away from what could have been a serious cybersecurity attack, and it has one employee to thank for it. After all, it takes a lot to say no to a $1 million offer, because some have sacrificed far more for much less.
Read the FBI’s complaint against Kriuchkov here.
Reported by Teslarati.
Want to buy a Tesla Model 3, Model Y, Model S, or Model X? Feel free to use my referral code to get some free Supercharging miles with your purchase: http://ts.la/guanyu3423
You can also get a $100 discount on Tesla Solar with that code. Let’s help accelerate the advent of a sustainable future.