A Russian has pleaded guilty to offering a Tesla employee a million dollars to paralyze the Nevada electric car factory with ransomware in an extortion plan
RENO, Nev. – A Russian has pleaded guilty in the US to offering a Tesla employee a million dollars to paralyze the Nevada electric car company’s massive battery factory with ransomware and steal the company’s secrets for extortion, prosecutors and court files said.
In a case that cybersecurity experts considered exceptional for the risks he took, Egor Igorevich Kriuchkov pleaded guilty Thursday in the US District Court in Reno. His court-appointed federal public defender, Chris Frey, declined to comment Friday.
Prosecutors claimed that Kriuchkov acted on behalf of foreign co-conspirators and tried to use face-to-face bribery to recruit an insider to physically plant ransomware, which mixes data into targeted networks and can only be unlocked with a software key provided of attackers. Usually, ransomware gangs operating from safe havens enter victims’ networks on the Internet and download data before activating the ransomware.
“The fact that such a risk has been taken may, perhaps, suggest that this was an intelligence operation aimed at obtaining information, rather than an extortion operation aimed at obtaining money,” said Brett Callow, a data analyst. cybersecurity at antivirus software company Emsisoft.
“It is also possible for criminals to believe that the bet is worth it and have decided to roll the dice,” Callow said.
Charles Carmakal, technical director at cybersecurity firm FireEye, agreed. “You could have done it thousands of miles away without risking any good,” he said.
The FBI said the plot was stopped before any damage occurred.
Kriuchkov, 27, told a judge in September that he knew the Russian government was aware of his case. But prosecutors and the FBI did not claim links to the Kremlin. Kriuchkov is in federal custody of Reno’s Washoe County Prison.
His plea guilty of conspiracy to intentionally damage a protected computer could have cost him up to five years in prison and a $ 250,000 fine. But he expects to face no more than 10 months under his written plea agreement.
He has already been arrested for seven months since his August arrest in Los Angeles. Federal authorities said he was heading to an airport to fly out of the country.
“The rapid response of the company and the FBI prevented a major leak of the victim’s company data and stopped the extortion scheme in its infancy,” Assistant Attorney General Nicholas McQuaid said in a statement. “This case highlights the importance of law enforcement and positive results when doing so.”
Tesla CEO Elon Musk acknowledged that his company was the target of what he called a serious effort to collect company secrets. Tesla has a massive factory near Reno, which produces batteries for electric vehicles and energy storage units. Company representatives did not immediately respond to messages on Friday.
Court documents show that Kriuchkov was in the United States for more than five weeks in July and August last year on a Russian passport and tourist visa, when he tried to recruit an employee from what was identified as “Company A” for to install software that allows a computer hack.
The employee, who was not identified, was to receive payments in the digital cryptocurrency Bitcoin.
No other suspects have been charged in the case. Some have been identified in a criminal complaint with nicknames, including Kisa and Pasha, and one person is identified as Sasha Skarobogatov.
Some meetings were monitored and recorded by the FBI, according to court documents. It was not clear from the court files whether the money had changed.
In court documents, Kriuchkov was quoted as saying that the job inside would be camouflaged with a distributed denial of service attack on the factory computers outside. Such attacks overwhelm servers with unwanted traffic. If Tesla did not pay, the data provided would be thrown on the open internet.
The documents also claimed that Kriuchkov claimed that the potential recruit had carried out similar “special projects” at other companies several times, with a victim allegedly forfeiting a $ 4 million ransom payment.
————
Ritter reported from Las Vegas. Bajak reported from Boston. Sonner reported from the Reno.