Russian man admits ransomware plot against Tesla in Nevada

Kriuchkov, 27, told a judge in September that he knew the Russian government was aware of his case. But prosecutors and the FBI have not alleged ties to the Kremlin.

By:AP
| Updated on: Aug 21 2022, 16:05 IST
Typically, ransomware gangs operating from safe havens hack into victim networks over the internet and download data before activating the ransomware.
Typically, ransomware gangs operating from safe havens hack into victim networks over the internet and download data before activating the ransomware.

A Russian man has pleaded guilty in the U.S. to offering a Tesla employee $1 million to cripple the electric car company's massive electric battery plant in Nevada with ransomware and steal company secrets for extortion, prosecutors and court records said.

In a case that cybersecurity experts called exceptional for the risks he took, Egor Igorevich Kriuchkov pleaded guilty Thursday in U.S. District Court in Reno. His court-appointed federal public defender, Chris Frey, declined Friday to comment.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

Prosecutors alleged that Kriuchkov acted on behalf of co-conspirators abroad and attempted to use face-to-face bribery to recruit an insider to physically plant ransomware, which scrambles data on targeted networks and can only be unlocked with a software key provided by the attackers. Typically, ransomware gangs operating from safe havens hack into victim networks over the internet and download data before activating the ransomware.

Also read
Looking for a smartphone? To check mobile finder click here.

ALSO READ: Elon Musk says Tesla would be shut down if cars used for spying

“The fact that such a risk was taken could, perhaps, suggest that this was an intelligence operation aimed at obtaining information rather than an extortion operation aimed at obtaining money,” said Brett Callow, a cybersecurity analyst at anti-virus software company Emsisoft.

“It's also possible that the criminals thought the gamble was worth it and decided to roll the dice,” Callow said.

Charles Carmakal, chief technical officer at cybersecurity firm FireEye, agreed. “You could have potentially done it from thousands of miles away without risking any asset,” he said.

The FBI said the plot was stopped before any damage happened.

Kriuchkov, 27, told a judge in September that he knew the Russian government was aware of his case. But prosecutors and the FBI have not alleged ties to the Kremlin. Kriuchkov is in federal custody at the Washoe County jail in Reno.

His guilty plea to conspiracy to intentionally cause damage to a protected computer could have gotten him up to five years in prison and a $250,000 fine. But he's expected to face no more than 10 months under terms of his written plea agreement.

He already has been in custody for seven months, since his arrest in August in Los Angeles. Federal authorities said he had been heading to an airport to fly out of the country.

ALSO READ: Elon Musk crowns himself ‘Technoking of Tesla'

“The swift response of the company and the FBI prevented a major exfiltration of the victim company's data and stopped the extortion scheme at its inception,” Acting Assistant Attorney General Nicholas McQuaid said in a statement. “This case highlights the importance of companies coming forward to law enforcement, and the positive results when they do so.”

Tesla CEO Elon Musk has acknowledged his company was the target of what he termed a serious effort to collect company secrets. Tesla has a massive factory near Reno that makes batteries for electric vehicles and energy storage units. Company representatives did not immediately respond Friday to messages.

Court documents say Kriuchkov was in the United States for more than five weeks last July and August on a Russian passport and a tourist visa when he tried to recruit an employee of what was identified as “Company A” to install software enabling a computer hack.

The employee, who was no identified, was to receive payments in the digital cryptocurrency Bitcoin.

No other suspected co-conspirators were charged in the case. Some were identified in a criminal complaint by nicknames including Kisa and Pasha, and a person is identified as Sasha Skarobogatov.

ALSO READ: Hackers breach thousands of security cameras, exposing Tesla, jails, hospitals

Some meetings were monitored and recorded by the FBI, according to court documents. It was not clear from court records if money changed hands.

In court documents, Kriuchkov was quoted saying the inside job would be camouflaged with a distributed denial of service attack on plant computers from outside. Such attacks overwhelm servers with junk traffic. If Tesla didn't pay, the purloined data would be dumped on the open internet.

The documents also said Kriuchkov claimed to the prospective recruit that he had executed similar “special projects” on other companies on multiple occasions, with one victim supposedly surrendering a $4 million ransom payment.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 21 Mar, 08:06 IST
NEXT ARTICLE BEGINS