Russian Pleads Guilty To Tesla Hacking And Extortion Attempt

Russian national Egor Igorevich Kriuchkov has pleaded guilty to recruiting a Tesla employee to plant malware designed to steal data within the network of Tesla’s Nevada Gigafactory.

His end goal was to extort the company using the sensitive information stolen from Tesla’s servers as leverage to convince the company to pay a ransom to avoid having the data leaked.

To convince the company’s employee to act as an insider for his criminal gang, Kriuchkov told him that he would be paid $1,000,000 worth of bitcoins after the malware got deployed on the company’s network, according to court documents.

Plans foiled after a series of other ransom attacks

Kriuchkov also told the Tesla employee that he was earlier involved in other similar “projects” where one of the victim companies paid $4 million after negotiating down from an initial $6 million ransom.

Kriuchkov explained that “the ‘group’ has performed these ‘special projects’ successfully on multiple occasions, and identified some of the targeted companies,” according to the indictment.

The Tesla employee was also told that during their “special project” targeting Tesla’s network, the criminals would launch a Distributed Denial of Service (DDoS) attack to divert attention from the insider’s attempt to deploy malware.

The employee would have also had to provide info on Tesla’s network to help with the malware’s development process.

However, the 27-year-old defendant’s plans were thwarted by the FBI after the Tesla employee revealed Kriuchkov’s attempts to recruit him via WhatsApp and in multiple face-to-face meetings where they discussed details of the conspiracy.

Tesla’s CEO, Elon Musk, later confirmed in a Twitter reply that Kriuchkov was indeed trying to recruit a Tesla employee to help with his extortion scheme.

Also Read: What Do 4 Messaging Apps Get From You? Read The iOS Privacy App Labels

Much appreciated. This was a serious attack.

— Elon Musk (@elonmusk) August 27, 2020

The defendant was arrested in August 2020 after he received a phone call from an FBI agent and hurried to leave the US to avoid getting caught.

He was indicted one month later and was charged with a count of conspiracy to intentionally cause damage to a protected computer, facing a statutory maximum sentence of five years in prison and a $250,000 fine.

“The swift response of the company and the FBI prevented a major exfiltration of the victim company’s data and stopped the extortion scheme at its inception,” Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division said.

“This case highlights the importance of companies coming forward to law enforcement, and the positive results when they do so.”

Also Read: Key PDPA Amendments 2019/2020 You Should Know

According to the guilty plea, Kriuchkov agreed to a sentence within four to ten months of imprisonment and three years of supervised release.