‘Was this, perhaps, an act of espionage dressed up to look like extortion? Was the real objective to obtain Tesla’s [intellectual property]?’
Tesla worker turned down a $1 million incentive, worked closely with the FBI, and thwarted a planned cybersecurity attack against the electric car maker
FBI Tuesday arrested a Russian ‘tourist’ who ‘offered a Tesla employee $1 million to install malware in company computers to steal data in extortion scheme’
Egor Igorevich Kriuchkov, 27, was arrested on Aug 22, in Los Angeles
FBI said he tried to bribe a Tesla employee in Nevada to infect his employer’s computers, but his target reported the overtures to his employer, who contacted feds
He’d reached out to the employee from Russia in 2016 before making the personal trip to the US in July
Kriuchkov boasted to his ‘new recruits’ of the list of companies that his hacker group had similarly targeted and extorted millions in the past
Tesla CEO Elon Musk confirms Tesla was the target and says it was ‘a serious attack’
Goal of the scheme ostensibly was to steal Tesla data and extort money; some analysts, however, doubt this was a mere extortion scheme, based on the modus operandi
The FBI Tuesday arrested a man identified as a ‘Russian tourist in America’, who investigators say offered a Tesla employee $1 million to infect company computers with malware in a scheme to steal data and extort payment from the company.
Russian citizen Egor Igorevich Kriuchkov, 27, was arrested last week in Los Angeles and federally charged with conspiracy to damage a protected computer, after the Tesla employee alerted the company and the FBI.
The criminal complaint filed by feds suggests that the attempted cybersecurity attack is no ordinary hacking attempt, and that it may very well be part of a well-financed, organized scheme.
Tesla founder Elon Musk on Thursday confirmed that the target of the cyber breach was Tesla, which had been identified in charging documents only as ‘Victim Company A.’
‘This was a serious attack,’ Musk said in a tweet responding to an article by Teslarati identifying the electric car maker as the foreign hacker group’s target.
According to prosecutors, the Russian first had ‘contact’ with the male Tesla employee in 2016, but had not been in touch until recently, when he sent a WhatsApp message saying that he planned to visit the U.S.
Kriuchkov arrived in the United States on a tourist visa on July 28, rented a car in San Francisco and drove to Sparks, Nevada, the location of Tesla’s Gigafactory 1.
The pair met several times, with the Russian treating the employee to drinks and lavish dinners, and going on an excursion to Lake Tahoe, the complaint states.
The Tesla employee, some colleagues, and Kriuchkov met socially from August 1-3, which included a trip to Lake Tahoe.
Kriuchkov reportedly evaded being caught by camera lenses during the trip. At one point when the group was taking a photo during a picturesque sunset, Kriuchkov reportedly remarked that he would “just remember the beauty of the sunset and did not need a photograph.”
After the relatively harmless Lake Tahoe trip, the Russian asked the Tesla employee to meet with him for some “business.”
Eventually, the Russian revealed that he was working on a ‘special project’ and offered to pay the Tesla employee $1 million to assist.
Prosecutors say that Kriuchkov’s ‘special project’ was to introduce malware into the company’s computer network. The malware would supposedly provide Kriuchkov and his co-conspirators with access to the company’s system, allowing them to extract data from the network and then threaten to make the information public, unless the company paid their ransom demand.
Investigators say that Kriuchkov provided the employee with a burner phone to communicate with other unidentified members of the plot, and instructed him to leave the burner phone in airplane mode until after the money was transferred.
But instead of taking the money, the employee alerted officials at Tesla, who contacted the FBI.
The Tesla employee, wearing a wire from the FBI, met with Kriuchkov on August 19.
The Russian agreed to pay an advance of $11,000 to his newly recruited security vector.
Two days later, on August 21, the Tesla employee was contacted by the hacker once more, who stated that the project was being “delayed” and all payments relating to the plan would not be transferred until a later date. Kriuchkov also informed the Tesla employee that he was leaving the area the following day.
Meanwhile, FBI agents were able to track the hacker, who drove overnight from Reno, Nevada to Los Angeles in what appeared to be an attempt to flee the United States. He was arrested the next day.
Once contacted, the FBI had agents surveilling Kriuchkov as he met with the employee again and boasted of the list of companies that his hacker group had similarly targeted and extorted in the past, according to the complaint.
It is not immediately clear which hacker group Kriuchkov is allegedly associated with, but cybersecurity experts say that certain ransomware groups, such as Evil Corp, are believed to act as contractors for the Russian government, raising the possibility that Kriuchkov could potentially provide valuable information to U.S. counterintelligence officials.
Experts also say that traveling to the U.S. to bribe an employee is a very unusual method for foreign hacker groups, raising the possibility that the scheme was more than the extortion scam it purported to be.
‘Cybercrime groups make billions from the (relative) safety of their own countries, so why did one choose to stick its neck out in the case of Tesla and come to the US to attempt face-to-face bribery?’ asked Brett Callow, a threat analyst with cybersecurity firm Emsisoft.
He continued: ‘Was this, perhaps, an act of espionage dressed up to look like extortion? Was the real objective to obtain Tesla’s [intellectual property]?’