Sometimes, the events that transpire inside a company could be just as exciting and nail-biting as the most popular thrillers in fiction. In Tesla’s case, such a scenario recently played out, as a worker in Gigafactory Nevada ended up turning down a $1 million incentive, working closely with the FBI, and thwarting a planned cybersecurity attack against the electric car maker.
This Tuesday, the Department of Justice announced the arrest of Egor Igorevich Kriuchkov, a Russian citizen accused of conspiring to breach the network of a US company and introduce malware to compromise the said company’s networks. Media reports about the incident have identified the US company to be electric car maker Tesla. Interestingly enough, a criminal complaint filed by the FBI Las Vegas Field Office suggests that the attempted cybersecurity attack is no ordinary hacking attempt — it may very well be part of a well-financed, organized, scheme.
THE PLAN BEGINS
The remarkable story began when a Russian-speaking, non-US citizen working at Tesla’s Gigafactory Nevada was contacted by Kriuchkov. The employee, whose identity has not been revealed, has access to the electric car maker’s computer networks. On July 16, the Russian citizen contacted the Giga Nevada employee through WhatsApp asking to meet with him in Sparks, Nevada. As noted in a report from Clearance Jobs, the fact that Kriuchkov approached a Russian-speaking, non-US citizen working at Gigafactory Nevada suggests that the team behind the cyberattack attempt has done their research well.
The Tesla employee, some colleagues, and Kriuchkov met socially from August 1-3, which included a trip to Lake Tahoe. Interestingly enough, Kriuchkov reportedly declined to be present in any photos that were taken during the trip. At one point when the group was taking a photo during a picturesque sunset, Kriuchkov reportedly remarked that he would “just remember the beauty of the sunset and did not need a photograph.” After the relatively harmless Lake Tahoe trip, the Russian citizen asked the Tesla employee to meet with him for some “business.”
DOWN TO “BUSINESS”
During their “business” meeting, Kriuchkov revealed his hand. The plan involved the Tesla employee inserting malware provided by Kriuchkov and his associates to the electric car maker’s systems. After the malware is inserted, a distributed denial of service (DDoS) attack would occur that could allow the hackers to occupy the Tesla information security team. The malware would also allow the hackers to extract corporate and network data, which would be held ransom until the electric car maker pays up. For his participation in the ploy, the Gigafactory Nevada employee would receive $500,000, later raised to $1 million, to be paid in cash or bitcoin.
Unfortunately for Kriuchkov and his team, the Giga Nevada employee actually reported the planned cybersecurity attack on Tesla, which, in turn, contacted the FBI. The FBI stepped in, and with the agency’s help, the Tesla employee continued to communicate with Kriuchkov, trying to get as much information as possible about the hackers’ processes, procedures, and infrastructure. The efforts proved fruitful. In one conversation, the hacker reportedly boasted that his team had recently received a ransom worth over $4 million from a high profile company. Later reports would reveal that the company in question was CWT Travel, which reportedly paid a ransom of $4.5 million.
THE PLAN FALLS THROUGH
During a meeting on August 19, the Tesla employee, wearing a wire from the FBI, met with Kriuchkov. The hacker agreed to pay an advance of $11,000 to the Giga Nevada worker. Two days later, on August 21, the Tesla employee was contacted by the hacker once more, who stated that the project was being “delayed” and all payments relating to the plan would not be transferred until a later date. Kriuchkov also informed the Tesla employee that he was leaving the area the following day. Behind the scenes, the FBI was able to get in touch with the hacker, who, in turn, drove overnight from Reno, Nevada to Los Angeles in what appeared to be an attempt to flee the United States.
Kriuchkov was unsuccessful, as he was arrested on August 22, 2020 in Los Angeles. The hacker is currently being detained pending trial. Fortunately for Tesla, the company was able to get away from what could have been a serious cybersecurity attack, and it has one employee to thank for it. It takes a lot, after all, to say no to a $1 million reward, as others have compromised more far more for far less.
Read the FBI’s complaint against Kriuchkov below.