FBI and Tesla thwart $4 million Bitcoin ransomware plot

Published at: Aug. 28, 2020

A young Russian citizen and his co-conspirators came within an inch of carrying out a major ransomware attack against Tesla — unaware that their target had already turned them in.

Last week, the United States Federal Bureau of Investigation (FBI) unsealed a criminal complaint against a conspirator in a thwarted ransomware plot against the electric car maker Tesla.

On Aug. 22, the Bureau arrested 27-year-old Russian citizen Pavel Kriuchkov in Los Angeles. He had allegedly spent much of his month in the U.S. attempting to recruit a Tesla staffer at the firm’s Gigafactory Nevada site to collude on a nefarious “special project.”

That “special project” came with a lucrative incentive — a bribe of $500,000, later upped to $1 million. A small advance payment was to have been paid into the staffer’s Bitcoin (BTC) wallet, installed using a Tor browser to evade detection.

In return for the bribe, the staffer was asked to assist in installing malware for a targeted attack against Tesla — a two-stage plot involving a distributed denial of service attack, followed by an exfiltration of sensitive company data.

The plan was to hold Tesla to ransom under threat of dumping the information publicly. Kriuchkov’s conspirators had their eye on a $4 million ransom.

The hitch was that, soon after Kriuchkov’s first meeting with the staffer, who remains anonymous, the staffer had already alerted Tesla, which, in turn, tipped off the FBI. 

A series of August meetings between Kriuchkov and the staffer was physically surveilled and wire-tapped by FBI agents. They collected intelligence about the operation and other prior exploits while preparations for the cyberattack were being hatched.

One of the conspirators was, according to Kriuchkov’s communications with the staffer, a hacker specializing in encryption, who allegedly works as a high-level employee of a government bank in Russia.

Kriuchkov himself was self-avowedly hazy on the technical aspects of the planned attack, and was ostensibly being paid $250,000 for his recruitment efforts. 

In one early meeting, Kriuchkov, the staffer and two of the latter’s friends made an excursion to Lake Tahoe in California. Kriuchkov insisted on footing the bill for the group’s expenses, but shied away from posing in group photos, insisting he could “remember the beauty of the sunset” without a memento.

On Aug. 21, Kriuchkov informed the staffer that the attack was being delayed until a later date, and that he would be leaving Nevada the following day. Following his arrest in Los Angeles on Aug. 22, he is now in detention pending trial.

While Tesla is not explicitly named in the FBI’s criminal complaint, Tesla news site Teslarati has confirmed the company was the target. CEO Elon Musk acknowledged the scheme in a tweet:

Much appreciated. This was a serious attack.

— Elon Musk (@elonmusk) August 27, 2020