Tesla worker thwarts alleged ransomware plan


Andy Greenberg


Earlier this month, according to a recently unsealed criminal complaint, a 27-year-old Russian named Egor Igorevich Kriuchkov met a former acquaintance who now works at Tesla at a bar in Reno. They drank until last call. At one point in the night, the FBI says, Kriuchkov took the employee’s phone, set it aside together with his own, and placed the two devices at a distance, the universal signal that he was about to say something meant only for the employee’s ears. He then invited the Tesla worker to collaborate with a “group” that carried out “special projects.” Specifically, he offered the employee $500,000 to install malware on his employer’s network that would be used to steal the company’s data and hold it for ransom for millions of dollars.

Just weeks after the Reno meeting, FBI agents arrested Kriuchkov in Los Angeles as, according to the Justice Department, he was attempting to flee the country. His recruitment scheme failed, according to the complaint, because the employee reported Kriuchkov’s offer to the company, which in turn alerted the FBI, which then monitored Kriuchkov and arrested him soon after.

Because Tesla’s “Gigafactory” production facility is located in Sparks, Nevada, just outside Reno, speculation quickly settled on Tesla as the most likely target of the attack. On Thursday night, Tesla founder Elon Musk confirmed it, in his typically casual style, on Twitter. “Much appreciated,” Musk wrote in response to a report on the Tesla news site Teslarati identifying Tesla as the target of the attempted ransomware attack. “It’s a serious attack.” Tesla itself did not respond to a request for comment.

Despite the happy ending, thanks to a Tesla employee willing to turn down an alleged enormous bribe, the attempted ransomware attack on such a high-profile target shows how brazen ransomware groups have become, says Brett Callow, a threat analyst at cybersecurity firm Emsisoft. “That’s what happens when you give billions to ransomware groups. If they can’t access a network through their usual methods, they can simply buy their way in. Or try. Tesla was lucky,” Callow says. “The outcome could have been very different.”

According to the FBI, Kriuchkov first met the Tesla employee in 2016 and reconnected with him via WhatsApp in July. In the first days of August, he took the employee on trips to Emerald Pools in Nevada and to Lake Tahoe, but avoided appearing in any photos, according to court documents, perhaps so as not to leave a record of his travels. The next day, Kriuchkov took his Tesla contact to a bar in Reno and made the offer: half a million dollars in cash or bitcoin to install malware on Tesla’s network, either via a USB stick or by opening a malicious email attachment. Kriuchkov reportedly told the Tesla employee that the organization he worked with would steal Tesla’s data and hold it for ransom, threatening to dump it publicly if the ransom was not paid.

Some time after that first meeting, the Tesla employee alerted his employer, and the FBI began tracking and recording subsequent meetings with Kriuchkov. Throughout August, Kriuchkov allegedly tried to persuade the Tesla employee by raising the bribe to $1 million and arguing that the malware would be encrypted so that it could not be traced back to the employee who installed it. In addition, to distract Tesla’s security staff from the ransomware installation, the gang would carry out a distributed denial-of-service attack, flooding Tesla’s servers with junk traffic.

In fact, Kriuchkov allegedly claimed that another insider the group had used at a different company had still not been arrested after three and a half years. Prosecutors say Kriuchkov even went so far as to suggest that they simply frame another Tesla employee for the hack, someone the insider wanted to “teach a lesson.”

During those conversations, the FBI says, Kriuchkov also noted that he and the organization he worked with would negotiate ransoms with their victims. For instance, they had asked one company for $6 million, Kriuchkov said, but in the end settled for $4 million; the criminal complaint does not reveal which company that victim might have been.

A few weeks after that first contact, Kriuchkov told the Tesla employee that the Tesla operation had been put on hold because of the failure of another operation that was under way. That insider had been unable to install the malware, Kriuchkov said, and he asked the Tesla contact to wait for further communications before proceeding with his own malware installation. Kriuchkov then went to Los Angeles, where the FBI arrested him.

The insider recruitment that Kriuchkov and his collaborators allegedly attempted is a well-known tactic in both global intelligence operations and global cybercrime. A Dutch mole at Iran’s Natanz nuclear enrichment facility helped plant the NSA and Israel’s Stuxnet malware, for example. SIM-swapping schemes designed to take control of victims’ phone numbers have also relied on corrupt employees inside telephone companies.


But this kind of insider recruitment is rarer among ransomware gangs, says Katie Nickels, chief intelligence officer at security firm Red Canary. “This complaint is the first I’ve heard of an insider-enabled ransomware attack,” she says. But she says that as the scourge of ransomware grows, and its profits with it, groups are adopting more ambitious tactics. “This is one part of a broader problem of ransomware actors who are really stepping up their game.”

Nickels adds that, despite Tesla’s good fortune in thwarting the ransomware group’s insider recruitment, the case nonetheless deserves to serve as a cautionary tale. It should prompt network defenders to consider that not only attackers outside the firewall but also malicious insiders may be the source of an attack. “It’s a game changer for defenders,” she says. “Before today, I wouldn’t have recommended that companies include an insider installing ransomware in their threat model. Now everyone has to change the way they think. If we know about this one case that has been documented, there may be more.”
