How a Tesla employee saved the company from a ransomware attack

This post was originally published on September 15, 2020.

The FBI recently announced the arrest of Russian national Egor Igorevich Kriuchkov, charged with a conspiracy to recruit an employee of Tesla and attempt to “introduce malicious software into the company’s computer network, extract data from the network, and extort ransom money from the company.”

The Tesla employee, whose name hasn’t been revealed, worked at the Tesla Gigafactory in Sparks, Nevada. Media reports say the suspect first made contact with the employee in 2016 but only started to intensify communication from July this year.

Kriuchkov arrived in the U.S. on a tourist visa on July 28 and rented a car to go meet the Tesla employee in Nevada. Over the course of several meetings, the alleged hacker attempted to gain the employee’s trust by taking him out for dinners and a trip to nearby Lake Tahoe.

Eventually, Kriuchkov revealed his real intentions. He offered the Tesla employee a sum of 1 million USD if he were to assist in introducing malware into the Tesla network.

Prosecutors say the plan was to let the malware spread in order to extract as much data as possible. The next steps would be to force Tesla to pay a ransom or threaten to make the information public. Kriuchkov gave the employee a burner phone for better coordination with all the conspirators and asked him to keep it in airplane mode until after he received his funds.

Loyalties with Tesla

Immediately after the meeting, the Tesla employee alerted his company, which proceeded to inform the FBI. The employee maintained contact with Kriuchkov, however, letting him believe that he was on board with the plot.

The FBI set up a sting operation, with the Tesla employee wearing a wiretap in meetings with Kriuchkov. Precise details of the attacks were discussed in those meetings, and the complaint chronicles in depth how the employee was instructed to insert an infected USB stick and keep the machine running for six to eight hours for the malware to inflict maximum damage.

In some of his conversations, Kriuchkov boasted that his hacker group had successfully targeted and extorted other companies in the past. The complaint, however, doesn’t disclose which hacker group Kriuchkov is associated with.

FBI agents continued to surveil Kriuchkov during his stay in the U.S., gathering evidence about his motives. He was finally arrested on August 22 as he attempted to fly out of Los Angeles airport. By this time, the attack’s details had been finalized, with multiple calls and meetings confirming the payments to be made to the Tesla employee and the steps to follow.