A Tesla employee was offered a $1 million bribe in early August to install ransomware on the car company’s networks in Nevada, a scheme that could have netted a cybercrime gang many more millions in extortion, according to a newly unsealed US Justice Department indictment.
Egor Igorevich Kriuchkov, a 27-year-old Russian, came to the United States in July and began sending WhatsApp messages to an employee of a US company he’d first met years earlier, US law enforcement says. The two met in person a few days later and Kriuchkov began to pitch a “special project,” first for a payment of $500,000 and then $1 million in cash or Bitcoin: either open a malicious email attachment or use an infected USB stick to infiltrate the company’s networks, according to the indictment.
Tesla’s Nevada-based Gigafactory was the target of the hackers, Tesla CEO Elon Musk confirmed on Twitter. He called it a “serious attack.” The US Federal Bureau of Investigation became involved early on when the Tesla employee alerted it to Kriuchkov’s plan. Insider threats, where a company’s own employee carries out a cyberattack against it, are an especially pernicious and subtle form of hacking.
The Tesla employee, a Russian-speaking immigrant, told the FBI that Kriuchkov said the ransomware cost $250,000 to develop. The program would steal Tesla’s files and threaten to release the data unless an enormous ransom was paid.
Ransomware is a tried-and-true criminal business model that generates millions of dollars in revenue every year. Ransomware gangs regularly target businesses big and small by crippling computers and stealing data, and often come away with multimillion-dollar paydays when victims see no other way out but to pay the ransom. The criminal ransomware business has been growing for years, and the hackers are fully professional: American travel firm CWT recently paid $4.5 million in ransom, leaked logs showed, after hackers knocked 30,000 computers offline and conducted a lengthy negotiation with the corporation.
Kriuchkov’s trip around the world makes his scheme uniquely risky—and potentially rewarding—compared with more common remote attacks. He allegedly told the Tesla employee that insider threats were normal for his gang: they’d pay employees to install malware on employers’ networks and then launch a denial-of-service attack to disguise the theft of valuable data. For years, he said, they’d carried out attacks like this and handled payments on a well-known hacking forum.
The gang was so successful, according to the indictment, that Kriuchkov said the Tesla scheme would have to be delayed while most of its attention was on another ransomware victim.
Kriuchkov was arrested by the FBI in Los Angeles after being contacted by the bureau, driving all night, and trying to leave the United States, according to the Justice Department.