The Cold War days are long gone, but it seems some want to revive them. A Russian citizen named Egor Igorevich Kriuchkov tried to bribe a Tesla employee into inserting malware into the company’s computers, according to DriveTeslaCanada.ca. That would allow the attackers to hijack Tesla’s data and threaten to release it online if Tesla did not pay to prevent that. Luckily, this employee contacted the FBI, and Kriuchkov was arrested.
The FBI document does not mention which company the Russian hacker and his group were targeting. However, the guys from DriveTeslaCanada.ca believe it to be Tesla, probably because of how big the company currently is. There is also the fact that Kriuchkov arrived in California and then traveled to Nevada. If it is really Tesla, that could imply he was probably trying to co-opt more than one of its employees.
The Russian hacker first contacted the alleged Tesla worker on July 16 via WhatsApp. The FBI report refers to this employee as CHS1 (Confidential Human Source 1). He and Kriuchkov had already met back in 2016. The Russian said he got CHS1’s contact through a mutual acquaintance and that he was going to the US and wanted to pay him a visit.
Kriuchkov arrived in the US on July 28, bought an American cell phone, rented a grey Toyota Corolla, and finally met CHS1 on August 1. On August 2, the Russian took CHS1 and two of CHS1’s friends to South Lake Tahoe in California. He did not take pictures of the place and reluctantly agreed to be in a group photo. When he dropped the group back home, he asked to meet CHS1 alone to discuss “business.”
On August 3, Kriuchkov told CHS1 the real reason for his trip to the US. He said he worked on “special projects” with a group that specialized in installing ransomware in targeted companies. Their malware first behaves like a DDoS (Distributed Denial of Service) attack to conceal the real attack it is carrying out.
CHS1 would receive $500,000 – in cash or Bitcoins – to help them get the malware into Tesla’s computers. That would happen either through a pen drive or an email attachment, whichever he felt would be safer. What these bad guys probably did not expect was that CHS1 would feel like talking to the FBI, which he did soon after this meeting.
On August 7, Kriuchkov asked to talk to CHS1 again. That meeting was already surveilled and recorded by the FBI. Since CHS1 was still hesitant, Kriuchkov mentioned other companies the group had targeted and said that their oldest job happened three and a half years ago. Their accomplice there still worked for the affected company.
CHS1 played along and said he would only do that for $1 million. He also asked for payment in advance: $50,000. They agreed to meet again at a later date, which eventually was August 17.
At that meeting, CHS1 said he had no idea if he could trust the group, which had also never paid any accomplice in advance. Apart from Kriuchkov, CHS1 also talked to another co-conspirator. They revealed the group’s “boss” would get $2 million and that they had never paid so much money to any co-optee. The hackers also mentioned one member of the group is a “high-level employee of a government bank in Russia.”
CHS1 would meet Kriuchkov four other times, on August 18, 19, 20, and 21. In one of them, the Russian hacker left his American cell phone with CHS1. The group would communicate with the Tesla employee through it because the attack was delayed. CHS1 also had to establish a Bitcoin wallet to receive the payment and managed to see a name on Kriuchkov’s personal phone: Sasha Skarobogatov. This name has already appeared in other ransomware cases.
On August 22, Kriuchkov was arrested while trying to leave the US. He now awaits trial in prison, and he’ll probably help the FBI find the other members of his group to spend less time in jail. This will become an extensive international investigation.
Was it really Tesla involved in this? Only CHS1 and the FBI can tell for sure, but which other companies inspire that sort of loyalty from employees and customers? DriveTeslaCanada.ca may have made a good guess. Regardless, we are glad to know this company escaped. What about the others the group attacked or plans to attack? We hope Kriuchkov also reveals the employees who helped these hackers invade them.