A Russian citizen allegedly tried to bribe a Tesla employee with $1 million to insert malware in the company’s computer system in order to extract sensitive data that could later be exchanged for a ransom, according to Department of Justice documents and media reports.
Federal criminal charges were filed against Egor Kriuchkov, a 27-year-old Russian citizen, on Aug. 23. Authorities alleged Kriuchkov traveled to the United States and offered the employee of a Nevada company a bribe to install malware on his employer’s computer network.
In publicly released court documents the DOJ did not reveal what company Kriuchkov had targeted in the alleged plot. However, over the subsequent week, multiple media reports, along with a tweet by Tesla CEO Elon Musk, confirmed that the automaker, famous for its electric vehicles, was the target.
“Much appreciated. This was a serious attack,” wrote Musk, responding to a media report that Tesla was the company outlined in the Justice Department charges against Kriuchkov.
Tesla did not immediately respond to a request for comment.
Much appreciated. This was a serious attack.
— Elon Musk (@elonmusk) August 27, 2020
Tesla’s Gigafactory 1 is located in Sparks, Nevada — some 4 miles from Reno — where the automaker produces lithium-ion batteries for its fleet of electric vehicles. It is the highest-volume battery-making facility in the world.
Based on court documents, it’s clear the attempted malware ransom attack was thwarted by the moral compass of the employee Kriuchkov targeted — a Russian-speaking immigrant, federal documents said — who reported the bribe offer to the FBI and his employer and agreed to cooperate as a confidential law enforcement informant.
The alleged plot is what is known in cybersecurity circles as a “malicious insider” threat, in which cybersecurity defenses can be skirted by either co-opting or coercing someone with access to a targeted computer system to help execute a cyberattack.
According to court documents, Kriuchkov and an unnamed co-conspirator allegedly targeted the Tesla employee through WhatsApp around July 16, and they agreed to meet in the US. According to an FBI affidavit, Kriuchkov and the Tesla employee had previously met in Russia in 2016.
Kriuchkov entered the US on a valid tourist visa on July 28. And on July 31 he rented a car (a Toyota, not a Tesla) in San Francisco and drove to Reno, where he stayed the night in a hotel. For the next three days, Kriuchkov met with the unnamed employee and his associates multiple times at various locations, including the employee’s home.
Russian National Arrested for Conspiracy to Introduce Malware into a Nevada Company's Computer Network https://t.co/cKKeNYadGb
— Justice Department (@TheJusticeDept) August 25, 2020
Kriuchkov, however, showed some odd behaviors, the FBI affidavit alleges. For one, he refused to have his picture taken. Even during a beautiful sunset at Lake Tahoe, he opted out of a group photo with the employee’s group of friends. Kriuchkov also insisted on paying for all group activities involving the employee’s friends.
“Through my training and experience I know individuals involved in intelligence collection and/or criminal activity often spend extravagantly on individuals they are attempting to recruit and/or co-opt for participation in criminal activity,” FBI Special Agent Michael Hughes wrote in a court affidavit.
On Aug. 3, Kriuchkov allegedly made an initial $500,000 bribe offer to the employee — payable in cash or bitcoin — to engage with him in a “special project” on behalf of a “group.” The bribe amount was later upped to $1 million, the FBI said.
According to an FBI affidavit, the employee reported Kriuchkov’s plot to the FBI at the beginning of August and thereafter became a confidential informant for the federal law enforcement agency.
According to court documents, Kriuchkov wanted to install malware — which he allegedly claimed cost $250,000 to develop — on the company’s computer system in order to steal sensitive data. Thereafter, that stolen data would be exploited as blackmail to extract a ransom payment from the company. Malware, or malicious software, refers to software programs designed to damage a computer system or perform other unwanted actions on it.
Kriuchkov met with the employee again on Aug. 7 and offered to make part of the bribe payment ahead of time. The FBI affidavit states that the Aug. 7 meeting was under FBI surveillance, underscoring that by that date the employee was already working as a confidential informant.
The pair met several more times prior to Kriuchkov’s arrest in Los Angeles on Aug. 22.
Kriuchkov allegedly cut off the deal because the “group” for which he worked was supposedly engaged in another plot with a “large payout.”