Tesla's Nevada Gigafactory was the target of a concerted conspiracy to cripple the company's network with malware, CEO Elon Musk confirmed Thursday afternoon.
The outline of the plan was disclosed on Tuesday in a criminal complaint accusing a Russian man of offering $1 million to an employee of a Nevada company, identified only as "Company A," in exchange for infecting the company's network. The employee reported the offer to Tesla and later worked with the FBI on a sting in which he covertly recorded face-to-face meetings discussing the proposal.
"The purpose of the conspiracy was to recruit an employee of a company who would clandestinely transfer the malware provided by the co-conspirators into the company's computer system, filter data from the company network, and threaten to disclose the data online unless the company paid the co-conspirators' ransom demand," the prosecutor wrote in the complaint.
Musk: "This was a heavy attack"
Until Thursday afternoon, Company A's identity was uncertain, despite much Twitter speculation and several open source blog reports that Tesla's Nevada site was the target. In a tweet in response to one of the unconfirmed reports, Musk wrote, "Much appreciated. That was a heavy attack."
Very appreciated. This was a severe attack.
– Elon Musk (@elonmusk) August 27, 2020
The indictment filed Tuesday in federal court in Nevada described a sweeping and determined attempt to infect Company A's network. Defendant Egor Igorevich Kriuchkov, 27, allegedly traveled from Russia to Nevada and then met with the unnamed employee several times. When Kriuchkov's original bid of $500,000 failed to close the deal, the defendant doubled the offer, prosecutors said.
Wining, dining and drinking
According to the complaint, Kriuchkov wined and dined the employee and held conversations in cars when discussing particularly sensitive details. When FBI agents were unable to conduct physical surveillance in restaurants or bars, the agent recorded them.
One such meeting allegedly took place on August 7 in a car that Kriuchkov had rented. Prosecutors referred to the employee as CHS1, short for Confidential Human Source #1, and described the meeting as follows:
During this meeting, which the FBI had consensually recorded, KRIUCHKOV reiterated some details of the criminal activities previously suggested to CHS1. KRIUCHKOV described the malware attack as before, adding that the first part of the attack (DDoS attack) would be successful for the "group", but the victim company's security officers believed the attack had failed. KRIUCHKOV again listed previous companies that the "group" had targeted. KRIUCHKOV stated that each of these target companies had one person employed by the companies that installed malware on behalf of the "group". To allay CHS1's concerns about being caught, KRIUCHKOV claimed that the oldest "project" the "group" worked on took place three and a half years ago, and that the "group" co-op was still working for the company. KRIUCHKOV informed CHS1 that the "group" had technical staff who would ensure that the malware could not be traced back to CHS1. In fact, KRIUCHKOV claimed the group could attribute the attack to someone else at victim company A in case there was someone who wanted to teach CHS1 a lesson.
During the meeting, CHS1 expressed how concerned and stressed CHS1 was about the request. CHS1 stated that if CHS1 agreed to install the malware, CHS1 would need more money. KRIUCHKOV asked how much and CHS1 replied $1,000,000. KRIUCHKOV agreed to the request and said he understood but had to contact the "group" before accepting the request. KRIUCHKOV confided that the "group" paid KRIUCHKOV $500,000 for his participation in CHS1's installation of the malware, and he agreed to give CHS1 a significant portion of the payment ($300,000 to $450,000) in order to encourage its participation.
CHS1 said CHS1 would need money upfront to make sure KRIUCHKOV doesn't make him install the software and then not pay him. Again, KRIUCHKOV asked how much, and CHS1 replied $50,000. KRIUCHKOV said this was an acceptable amount and a reasonable request, but he needed to work on it because he only had $10,000 on him due to U.S. customs restrictions on the amount of money he could bring into the country. KRIUCHKOV also asked what would prevent CHS1 from taking the pre-payment and not continuing to install the malware. CHS1 stated that CHS1 was certain that KRIUCHKOV or the "group" would find a way to leverage CHS1 to ensure that CHS1 upholds its end of the agreement. CHS1 and KRIUCHKOV discussed the timing of the next meeting, and KRIUCHKOV said he would return to Reno on or about August 17, 2020.
Aside from targeting a legendary automaker, the plot is notable for other reasons. One is its boldness and ruthlessness. Security researcher and reformed juvenile cybercrime hacker Marcus Hutchins commented on Twitter: "One of the benefits of cybercrime is that criminals don't have to expose themselves to unnecessary risk by doing their business in person. It is absolutely insane to fly to US jurisdiction to manually install malware on a company's network."
One of the benefits of cybercrime is that criminals don't have to expose themselves to unnecessary risk by doing their business in person. It is absolutely insane to fly to US jurisdiction to manually install malware on a company's network.
– MalwareTech (@MalwareTechBlog) August 27, 2020
One terrifying observation from Craig Williams, Director of Outreach at Cisco's security arm, Talos Labs, concerned what could have happened if the conspiracy had succeeded.
"This calls into question the additional risk if the system responsible for your self-driving car comes under the control of an attacker – through a malicious insider or otherwise," he wrote. "The whole thing is extremely exciting and worrying."
I suppose this means my guess was correct. This calls into question the added risk if the system in charge of your self-driving car comes under the control of an attacker – through a malicious insider or otherwise. The whole thing is extremely exciting and worrying. https://t.co/oYKnDWKem1
– Craig Williams (@security_craig) August 28, 2020
Musk didn't elaborate on his two-sentence Twitter confirmation, and Tesla representatives didn't respond to an email asking for comment on this post.
The plot and its characters – full of villains, heroes, and whatever Musk is – make for an interesting backstory and possibly a dramatic TV reenactment. For now, readers will have to be satisfied with the additional information in Wednesday's coverage of the complaint.