Skip to Content
Computing

How a $1 million plot to hack Tesla failed

A Tesla employee thwarted a ransomware attack that targeted the Gigafactory
Photo by Vlad Tchompalov on Unsplash

Hacking isn’t all 1s and 0s—more often than you’d think, it’s about people. A Tesla employee was offered a $1 million bribe in early August to install ransomware on the car company’s networks in Nevada, a scheme that could have netted a cybercrime gang many more millions in extortion, according to a newly unsealed US Justice Department indictment (pdf).

Egor Igorevich Kriuchkov, a 27-year-old Russian, came to the United States in July and began sending WhatsApp messages to an employee of a US company he’d first met years earlier, US law enforcement says. The two met in person a few days later and Kriuchkov began to pitch a “special project,” first for a payment of $500,000 and then $1 million in cash or Bitcoin: either open a malicious email attachment or use an infected USB stick to infiltrate the company’s networks, according to the indictment. 

Tesla’s Nevada-based Gigafactory was the target of the hackers, Tesla CEO Elon Musk confirmed on Twitter. He called it a “serious attack.” The US Federal Bureau of Investigation became involved early on when the Tesla employee alerted it to Kriuchkov’s plan. Insider threats, where a company’s own employee carries out a cyberattack against it, are an especially pernicious and subtle form of hacking.

The Tesla employee, a Russian-speaking immigrant, told the FBI that Kriuchkov said the ransomware cost $250,000 to develop. The program would steal Tesla’s files and threaten to release the data unless an enormous ransom was paid. 

Ransomware is a tried-and-true criminal business model that generates millions of dollars in revenue every year. Ransomware gangs regularly target businesses big and small by crippling computers and stealing data, and often come away with multimillion-dollar paydays when victims see no other way out but to pay the ransom. The criminal ransomware business has been growing for years, and the hackers are fully professional: American travel firm CWT recently paid $4.5 million in ransom, leaked logs showed, after hackers knocked 30,000 computers offline and conducted a lengthy negotiation with the corporation. 

Kriuchkov’s trip around the world makes his scheme uniquely risky—and potentially rewarding—compared with more common remote attacks. He allegedly told the Tesla employee that insider threats were normal for his gang: they’d pay employees to install malware on employers’ networks and then launch a denial-of-service attack to disguise the theft of valuable data. For years, he said, they’d carried out attacks like this and handled payments on a well-known hacking forum. 

The gang was so successful, according to the indictment, that Kriuchkov said the Tesla scheme would have to be delayed while most of its attention was on another ransomware victim.

Kriuchkov was arrested by the FBI in Los Angeles after being contacted by the bureau, driving all night, and trying to leave the United States, according to the Justice Department.

Deep Dive

Computing

Everything dies, including information

Digitization can help stem the tide of entropy, but it won’t stop it.

What’s next in cybersecurity

“When it comes to really cutting off ransomware from the source, I think we took a step back.”

Cyber resilience melds data security and protection

Organizations face pervasive and sophisticated cyberattacks, but modern data protection techniques can provide a multifaceted defense.

A new age of disaster recovery planning for SMEs

How cybersecurity threats have morphed, why SMEs need to plan for disaster recovery, and what they should do about it.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.