Why hack, when you can socially engineer your way in? And why even bother with social engineering, when you can just buy the access you want?
That appears to be the thinking of at least one Russian man, whom the FBI arrested and who has been charged with attempting to pay a Tesla Gigafactory employee in Nevada to install malware on the company’s network.
“This was a serious attack,” wrote Tesla CEO Elon Musk.
We reached out to Tesla to confirm Electrek’s reporting but received no immediate response. Even so, the official complaint against 27-year-old Egor Igorevich Kriuchkov presents a detailed look into a modern-day criminal effort to extort a global company.
According to the complaint, Kriuchkov allegedly traveled to Sparks, Nevada, the location of Tesla’s Gigafactory, and rented a hotel room. While there, in early August, he met with an unnamed employee of “Company A” and proposed a “special project.”
Kriuchkov, the complaint alleges, was going to give the employee malware. The employee would then install it on the company’s computers. In an effort to distract the company’s security teams, Kriuchkov and his unnamed co-conspirators would run a distributed denial-of-service (DDoS) attack against the company (which, again, Electrek confirmed is Tesla) while this was all going down. Next, the malware would steal a bunch of info from the company’s computers and send it to Kriuchkov’s co-conspirators, who would then be able to extort the company for millions.
To sweeten the deal, the DOJ says Kriuchkov offered to pay the employee $1 million — in either cash or bitcoin — suggesting the size of the payout Kriuchkov hoped to get from Tesla was substantial.
Pretty simple, right? Well, except for the fact that the unnamed employee wanted nothing to do with it, and at some point started working with the FBI. The criminal complaint details various conversations that the employee had with Kriuchkov, and notes that they were “consensually recorded” — suggesting that the employee wore a wire.
Kriuchkov has been charged with conspiracy to intentionally cause damage to a protected computer and faces the possibility of five years in prison plus a $250,000 fine.
The unnamed Tesla employee, presumably, still has a job.
UPDATE: Aug. 27, 2020, 4:44 p.m. PDT: This story has been updated to include comment from Elon Musk.