Our mission to help you navigate the new normal is fueled by subscribers. To enjoy unlimited access to our journalism, subscribe today.
A team of Russian hackers offered $1 million to an employee from Tesla’s Nevada factory for installing malware on the company’s computers to steal sensitive data. Instead, the employee called the FBI, leading to the arrest of one of the hackers this week, according to newly unsealed court documents.
Tesla CEO Elon Musk said in a tweet on Thursday that the FBI arrest was “much appreciated” and that the plot targeting the Gigafactory in Sparks, Nev., was “a serious attack.” In discussions monitored by the FBI, the hackers said they had hoped to extort $4 million from Tesla via the plot. It’s a common occurrence—the FBI said businesses and individuals lost $3.5 billion to hackers last year.
The court documents revealed a well-organized, six-week effort by the Russian hackers to recruit the unnamed Tesla employee, identified only as a Russian immigrant to the U.S. with no criminal record of any kind.
The member of the Russian team who was arrested, named Egor Igorevich Kriuchkov, first made contact with the employee, whom he had met years earlier, on July 16 via WhatsApp. Two weeks later, Kriuchkov traveled to San Francisco, rented a Toyota Corolla from Hertz, and drove to Nevada in an effort to coax the employee to install the malware program.
After hanging out together for a few days and doing touristy things like visiting Lake Tahoe, on the evening of Aug. 3, Kriuchkov revealed his true plans to the Tesla worker.
The pair had dinner and many rounds of drinks in a Reno restaurant. Then Kriuchkov revealed he was part of a group engaged in a “special project.” The plan was that he and his team would stage an attack over the Internet on Tesla’s computers known as a distributed denial-of-service attack. But the attack would merely be a diversion so that the employee could install a data-stealing malware program on Tesla’s network. The malware could be delivered via a thumb drive or in an email attachment.
That offer prompted the employee to get in touch with the FBI, which quickly began monitoring all of Kriuchkov’s actions.
Over subsequent days, the hacker met with the employee multiple times to hash out the plot, unaware that the FBI was listening in. On Aug. 18, Kriuchkov offered to pay the employee $1 million after the malware was installed. A day later, he had the employee use Tor, web browsing software designed to evade surveillance, to set up a Bitcoin wallet to accept the payment. And on Aug. 21, Kriuchkov gave the employee a burner phone, saying the group would send a signal via the phone when the operation was ready.
That was to be the pair’s last meeting, as Kriuchkov said he was leaving the country the next day. The FBI moved in and arrested Kriuchkov shortly thereafter. In federal court in Reno on Aug. 24, he was charged with one count of conspiring to intentionally cause damage to a protected computer and faces up to five years in prison.