Russian tourist offers tesla employee 1 million dollars to cripple tesla with malware

[spartaman64]

Quote

The plan's outline was divulged on Tuesday in a criminal complaint that accused a Russian man of offering $1 million to the employee of a Nevada company, identified only as “Company A,” in exchange for the employee infecting the company’s network. The employee reported the offer to Tesla and later worked with the FBI in a sting that involved him covertly recording face-to-face meetings discussing the proposal.

Quote

Musk: “This was a serious attack”
Until Thursday afternoon, the identity of Company A was uncertain, although there was plenty of Twitter speculation—and several sourceless blog reports—that Tesla’s site in Nevada was the target. In a Tweet responding to one of the unconfirmed reports, Musk wrote: “Much appreciated. This was a serious attack.”

Quote

Tuesday’s charging document, which was filed in federal court in Nevada, detailed an extensive and determined attempt to infect Company A’s network. Defendant Egor Igorevich Kriuchkov, 27, allegedly traveled from Russia to Nevada and then met with the unnamed employee on multiple occasions. When Kriuchkov’s initial $500,000 bid failed to clinch the deal, the defendant doubled the offer, prosecutors said.

Quote

Besides targeting an iconic car maker, the plot is notable for other reasons. One is its sheer audacity and recklessness. As security researcher and reformed teenage cybercrime hacker Marcus Hutchins noted on Twitter: “One of the benefit of cybercrime is criminals don't have to expose themselves to unnecessary risk by conducting business in person. Flying into US jurisdiction to have malware manually installed on a company's network is absolutely insane.”

source: https://arstechnica.com/information-technology/2020/08/russian-tourist-offered-employee-1-million-to-cripple-tesla-with-malware/

 

Makes me wonder what sort of motivation that guy had though maybe he was a short seller . It could have been a really dangerous situation given how tesla can receive over the air updates and have self driving capabilities. 

[givingtnt]

pffft, lazy russians.

[bcredeur97]

stuff like this will get worse as we continue to develop further. 

Imagine writing code to crash everyones car on a certain day. Or cause a specific spacex rocket launch to fail. It's scary. "cyber-terrorism" 

[Tristerin]

His motivation was whatever part of the cut he was trying to get the guy to do it for.  $500,000 means I keep 1.5 mil.  Damn okay 1,000,000 will you do it?

 

 

[TempestCatto]

Serious question: "tourist" or terrorist?

[Radium_Angel]

15 minutes ago, bcredeur97 said:

It's scary.

Naa, it's the plot to the next Jame Bond film...

[Radium_Angel]

9 minutes ago, TempestCatto said:

Serious question: "tourist" or terrorist?

And where did a 27 year old get ahold of 1 million dollars?

And the malware sophisticated enough to wreck (ahem) things at a company known for cutting edge work?

 

[Trik'Stari]

11 minutes ago, TempestCatto said:

Serious question: "tourist" or terrorist?

Journo's seem to have the hardest time using that word, of late.

[Rohith_Kumar_Sp]

25 minutes ago, Tristerin said:

His motivation was whatever part of the cut he was trying to get the guy to do it for.  $500,000 means I keep 1.5 mil.  Damn okay 1,000,000 will you do it?

Reminds me of this 

Five hitmen jailed after each hired the other to carry out murder that was never committed

[Teddy07]

Money upfront and I would have done it. Enough to retire somewhere in the world

[spartaman64]

20 minutes ago, Radium_Angel said:

And where did a 27 year old get ahold of 1 million dollars?

And the malware sophisticated enough to wreck (ahem) things at a company known for cutting edge work?

 

short sellers are really getting out of hand Kappa 

[ARikozuM]

19 minutes ago, Trik'Stari said:

Journo's seem to have the hardest time using that word, of late.

They overused in the 2000's. It's got the same power as any other hot word lately. 

[ApexMeteor]

Poor guy, probably got lost after his visit to Salisbury Cathedral

[Athan Immortal]

This was covered a bit on WAN show if anyone is interested.

 

 

[TomvanWijnen]

1 hour ago, TempestCatto said:

Serious question: "tourist" or terrorist?

Terrourist.

[kirashi]

1 hour ago, Caroline said:

what's the point? the it guys would cut the internet access and restore the backups in less than an hour

 

While you're not wrong, this assumes that Tesla's IT department has been keeping AND testing their backups. Remember kids, if you don't test your backups by simulating a real-world failure, you don't have backups.

[Shreyas1]

Good on that guy to refuse the money and do the right thing.

[Trik'Stari]

2 hours ago, ARikozuM said:

They overused in the 2000's. It's got the same power as any other hot word lately. 

A fair point. Although to be fair there was quite a lot of terrorism going on at the time.

 

This is where I would make a joke that would likely get me banned at least temporarily.

[Kisai]

3 hours ago, spartaman64 said:

source: https://arstechnica.com/information-technology/2020/08/russian-tourist-offered-employee-1-million-to-cripple-tesla-with-malware/

 

Makes me wonder what sort of motivation that guy had though maybe he was a short seller . It could have been a really dangerous situation given how tesla can receive over the air updates and have self driving capabilities. 

I can think of multiple scenarios, but the most likely one is espionage.

 

Short selling would be a lucrative way to blow up a company though.

 

1) install malware

2) tell investment client the company will have a very bad day on X date

3) investment client short sells the company on open

4) company has bad day, setting back company months

5) investment client buys back the shares shorted at a much lower price.

6) Also repeat on earnings.

 

Though if this was going to be a short seller, there are much easier targets to hit.

[Bombastinator]

3 hours ago, TempestCatto said:

Serious question: "tourist" or terrorist?

Tourist visas are easy to get.  He’s probably listed as a tourist because that’s the kind of visa he came in on.   One million is a lot.  It is low enough to make it a possible short seller because there have been some really really big short sellers.  There are a lot of other options though.  The nature of the malware could say what.  Do they have a computer if the malware to see what was planned?  It would be possible to kill a lot of people with the right kind of malware.  Sort of points to a potential problem with the combination of self drive and auto update.  
This could have been the actual purpose.  If the guy gets caught he still creates FUD. 

Could also be a technology theft. 

[Letgomyleghoe.]

I guess the stereotype Russian hacker will never go away like this. Its kinda funny how people think because i'm one of the only Russian people in the school I can give them a free Netflix account.

[straight_stewie]

I've never seen "operative" spelled like "tourist" before.

[Taf the Ghost]

First, that's too low of an offer for what he was asking. Second, China would offer more for code.

 

If this was State Sponsored, it wasn't Russia. Russia is Russia, but they ain't stupid like that. Also, if it was a major State Actor, this would involve hookers, drugs and compromising video. If you can't honeypot someone in Nevada, you're a failure at life.

[Bombastinator]

5 hours ago, Taf the Ghost said:

First, that's too low of an offer for what he was asking. Second, China would offer more for code.

 

If this was State Sponsored, it wasn't Russia. Russia is Russia, but they ain't stupid like that. Also, if it was a major State Actor, this would involve hookers, drugs and compromising video. If you can't honeypot someone in Nevada, you're a failure at life.

Unless of course getting caught was almost as useful as having it work.

[CTR640]

Not sure if 1mil is a lot or not but the IT guy used his common sense and thought it's not worth it considering it's a matter of time before he'll get caught.

Or he gets a very nice monthly salary.

 

And why the hell does that terrourist wants to cripple Tesla? What will that piece of shit gain? There is a good chance the terrourist will lead all of the evidence to the Tesla employee some day.

 

Money is nice but risking important stuff is not worth it. It's very good the IT guy used his healthy common sense.