A young Russian citizen and his co-conspirators came within an inch of carrying out a major ransomware attack against Tesla — unaware that their target had already turned them in.
Last week, the United States Federal Bureau Investigation (FBI) unsealed a criminal complaint against a conspirator in a thwarted ransomware plot against the electric car maker Tesla.
On Aug. 22, the Bureau arrested 27 year-old Russian citizen Pavel Kriuchkov in Los Angeles, who had allegedly spent much of his month in the U.S. attempting to recruit a Tesla staffer at the firm’s Gigafactory Nevada site to collude on a nefarious “special project.”
That “special project” came with a lucrative incentive — a bribe of $500,000, later upped to $1 million. A small advance payment was to have been paid into the staffer’s Bitcoin (BTC) wallet, installed using a Tor browser to evade detection.
In return for the bribe, the staffer was asked to assist in the installation of a targeted malware attack against Tesla — a two-stage plot involving a distributed denial of service attack, followed by an exfiltration of sensitive company data.
The plan was to hold Tesla to ransom under threat of dumping the information publicly. Kriuchkov’s conspirators had their eye on a $4 million ransom.
The hitch was that, soon after Kriuchkov’s first meeting with the staffer, who remains anonymous, the staffer had already alerted Tesla, which, in turn, tipped off the FBI.
A series of August meetings between Kriuchov and the staffer were physically surveilled and wire-tapped by FBI agents. They collected intelligence about the operation and other prior exploits while preparations for the cyberattack were being hatched.
One of the conspirators was, according to Kriuchkov’s communications with the staffer, a hacker specializing in encryption, who allegedly works as a high level employee of a government bank in Russia.
Kriuchkov himself was self-avowedly hazy on the technical aspects of the planned attack, and was ostensibly being paid $250,000 for his recruitment efforts.
In one early meeting, Kriuchkov, the staffer and two of the latter’s friends made an excursion to Lake Tahoe in California. Kriuchkov insisted on footing the bill for the group’s expenses, but shied away from posing in group photos, insisting he could “remember the beauty of the sunset” without a memento.
On Aug. 21, Kriuchov informed the staffer that the attack was being delayed until a later date, and that he would be leaving Nevada the following day. Following his arrest in Los Angeles on Aug. 22, he is now in detention pending trial.
While Tesla is not explicitly named in the FBI’s criminal complaint, Tesla news site Teslarati has confirmed the company was the target. CEO Elon Musk acknowledged the scheme in a tweet:
Much appreciated. This was a serious attack.
— Elon Musk (@elonmusk) August 27, 2020