Strap yourselves in folks because this story could’ve been plucked from an episode of your favourite spy series.
Earlier this week Ars Technica reported on a criminal complaint involving one Egor Igorevich Kriuchkov. A Russian citizen, Kriuchkov met with an employee at an unknown firm with a view to entice said employee to install malware on that firm’s system.
Now it has come to light that the company in question was Tesla and the target was Tesla’s Gigafactory in Nevada.
This was confirmed when Tesla co-founder Elon Musk took to Twitter in the early hours of Friday morning.
Much appreciated. This was a serious attack.
— Elon Musk (@elonmusk) August 27, 2020
So what happened?
On 16th July, Kriuchkov sent a WhatsApp message to an employee at Tesla with the purpose of arranging a visit. The Russian then arrived in the US on 28th July, purchased a cellphone, rented a car and drove from San Francisco, California to Reno, Nevada.
There Kriuchkov met with the Tesla employee and started what can best be described as a honeypot.
Special agent for the Federal Bureau of Investigation, Michael Hughes, provided the following statement in court filings. Just a note, references to CHS1 mean “confidential human source one”.
“In August 2020, Victim Company A advised the FBI that a Russian male, identified only as ‘Egor’ had offered to pay a Victim Company A employee (CHS1)1 US$500,000 to introduce computer malware2 into the network of Victim Company A. ‘Egor’ claimed the malware would provide ‘Egor’ and his associates with access to the system. ‘Egor’s’ associates would then extract data from the network and threaten to make the information public if the Victim Company A did not agree to pay a ransom,” states Hughes.
What follows is a recount of a glorious display of courting in which Kriuchkov paid for trips to Emerald Pools near Nevada City and South Lake Tahoe in California.
On 3rd August the Tesla employee and Kriuchkov met at a restaurant before heading to a bar where the Russian made his plans known.
“CHS1 reported to agents that, at the bar, CHS1 observed Kriuchkov take his cellular phone and place it on top of CHS1’s cellular phone before placing the stacked phones arm’s length away from the pair. At that point, Kriuchkov stated his true reason for traveling to the United States was to visit CHS1. Kriuchkov stated he worked for a ‘group’ that works on ‘special projects.’ Kriuchkov went on to explain that the ‘group’ pays employees of target companies to introduce malware into the target company’s computer system. Kriuchkov said the ‘group’ has performed these ‘special projects’ successfully on multiple occasions, and identified some of the targeted companies,” the FBI special agent recounted.
While the Tesla employee was initially offered $500 000 to introduce malware into Tesla’s network that number grew to as much as $950 000 as Kriuchkov tried to influence the employee.
What makes all of this even more bizarre and incredulous is the gall of Kriuchkov.
Not only did their “group” try to bribe their way into Tesla, they went so far as to travel into the US, meet the employee, wine and dine them and then ask them to participate in a crime.
It feels almost like this entire incident was plucked from Mr Robot but left behind because the hackers ultimately get caught.
You can find the full unsealed court filing here and it is one helluva read. We look forward to the inevitable screenplay for this film.[Image – CC 0 Pixabay]