A Russian national who tried to hack Tesla in a botched multimillion-dollar ransom attempt has pleaded guilty

Tesla CEO Elon Musk.

  • Egor Igorevich Kriuchkov pleaded guilty to attempting to hack Tesla as part of a cybercrime gang.
  • Kriuchkov traveled from Russia to Nevada to ask a Tesla employee to plant malware in Tesla’s system.
  • The gang planned to extract data and then make the company pay millions of dollars to get it back.

A Russian national who tried to hack Tesla last August in a failed ransomware attack has pleaded guilty and could spend up to ten months behind bars, The Record first reported.

In a plea agreement filed Wednesday, Egor Igorevich Kriuchkov agreed to plead guilty to “conspiracy to intentionally cause damage to a protected computer.”

In August, the US Department of Justice accused Kriuchkov of working with a Russian cybercrime gang and offering $1 million to an employee at a company in Nevada – identified only as company A – to install malware on the company’s systems. Tesla’s CEO, Elon Musk, confirmed his carmaker was the target, Insider’s Isobel Asher Hamilton reported.

According to his plea agreement, Kriuchkov traveled to the US in late July, and met with an unnamed Tesla employee from Tesla’s Reno, Nevada gigafactory multiple times throughout August. The DOJ said Kriuchkov took the employee out for drinks multiple times. He also provided him with a phone and instructed him to delete their communications, it said.


In the plea agreement, Kriuchkov said the gang planned to provide the employee with malware to plant in Tesla’s system. The gang would launch a distributed denial of service attack against Tesla to divert the company while the gang extracted data.

The gang would then extort Tesla for a “substantial payment.” Insider reported in August that the ransom would have been around $4 million.

Kriuchkov said in his plea agreement that the employee would have been paid for their participation and was offered an advance payment in Bitcoin. The DOJ said that Kriuchkov offered the employee $1 million for his role in the ransom.

FBI recordings show that Kriuchkov himself would have been paid $250,000 for recruiting the employee, The Record reported.

Tesla reportedly contacted the FBI after the employee told Tesla about Kriuchkov’s proposition. The DOJ said that the employee co-operated with the FBI, recording conversations with Kriuchkov when agents couldn’t eavesdrop.

The plea agreement says that a prison sentence of between four and ten months, followed by up to three years of supervised release, would be “appropriate.” After serving it, Kriuchkov would be deported to Russia. He would also have to pay restitution to Tesla, but would not be fined, per the agreement. The district court has scheduled Kriuchkov’s sentencing hearing for May 10, The Record reported.

Because of his plea, the jury trial scheduled for July has been canceled. Had a jury found him guilty, he could have faced up to five years in prison and a fine of up to $250,000, per the plea agreement.

Read the original article on Business Insider

At least 30,000 US organizations, small businesses and government offices were victims of Microsoft Exchange hack: Krebs

Microsoft’s CEO Satya Nadella

At least 30,000 organizations across the US have been hacked over the last few days through flaws in Microsoft’s Exchange Server email software, sources familiar with the matter told KrebsOnSecurity.

The “unusually aggressive Chinese cyber espionage unit” that Microsoft calls “Hafnium” is focusing on stealing emails from a range of victims, including companies, small businesses, and local governments, Krebs said. 

The group chained four previously unknown flaws in Exchange Server (tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065). Together they let an unauthenticated attacker on the internet take full remote control of the affected server.

With each intrusion the group left behind a web shell: a small, password-protected script dropped into a web-accessible directory on the server that can be reached from any browser and gives the attackers persistent administrative access to the machine, the cybersecurity blog said. Because the shell is a separate file rather than part of the vulnerability, installing Microsoft’s patch closes the way in but does not remove shells that were already planted; patched servers still need to be checked for them.
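One way to hunt for shells of this kind is to walk the web-served directories and flag script files that either pass a request parameter straight into `eval()` (the one-line “China Chopper” shape) or are small and were written after the attack window opened. The scanner below is an added example, not code from Krebs, Microsoft or any incident response team; the directory layout, file names, the size and time thresholds and the regexes are assumptions chosen for illustration, and the sample files it scans are constructed in a temporary directory rather than taken from a real server.

```python
"""Heuristic scan of a web root for planted ASP.NET web shells.

Added example with constructed sample files. Assumptions (not a complete
signature set): a shell is an .aspx/.asp/.ashx file that feeds a request
parameter directly to eval()/"unsafe" eval, or a small script file whose
mtime is after a cut-off you supply (an attack window start). Exchange's
own pages are large and predate any such window.
"""
import os
import re
import tempfile
import time
from pathlib import Path

# One-line eval shell shape: eval(Request.Item["pw"], "unsafe") and variants.
EVAL_REQUEST = re.compile(r'eval\s*\(\s*Request(\.Item)?\s*[\[\(]', re.IGNORECASE)
UNSAFE_EVAL = re.compile(r'"unsafe"\s*\)', re.IGNORECASE)
SCRIPT_EXTS = (".aspx", ".asp", ".ashx")
SMALL_FILE_BYTES = 1024          # assumed threshold; real pages are far larger


def scan_file(path, cutoff_epoch):
    """Return the reasons `path` looks like a web shell (empty list if clean)."""
    reasons = []
    try:
        text = path.read_text(errors="replace")
        st = path.stat()
    except OSError:
        return reasons
    if EVAL_REQUEST.search(text):
        reasons.append("eval() fed directly from a request parameter")
    if UNSAFE_EVAL.search(text):
        reasons.append('JScript eval(..., "unsafe") call')
    if st.st_mtime >= cutoff_epoch and st.st_size < SMALL_FILE_BYTES:
        reasons.append("small script file written after cut-off time")
    return reasons


def scan_tree(root, cutoff_epoch):
    """Walk `root`; return {posix relative path: [reasons]} for suspicious files."""
    root = Path(root)
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCRIPT_EXTS):
                continue
            p = Path(dirpath) / name
            reasons = scan_file(p, cutoff_epoch)
            if reasons:
                findings[p.relative_to(root).as_posix()] = reasons
    return findings


def build_sample_tree():
    """Create a constructed web root in a temp dir; return (root, cutoff_epoch).

    Two benign pages get an mtime two days in the past; the planted shell
    keeps the current time. The cut-off is one hour ago.
    """
    root = Path(tempfile.mkdtemp(prefix="webroot_"))
    now = time.time()
    old = now - 2 * 86400
    cutoff = now - 3600

    # Benign, large page (constructed stand-in for a real OWA page).
    logon = root / "owa" / "auth" / "logon.aspx"
    logon.parent.mkdir(parents=True)
    logon.write_text('<%@ Page Language="C#" %>\n' + "<!-- padding -->\n" * 100)
    os.utime(logon, (old, old))

    # Benign, small but old page: small size alone must not trigger a hit.
    err = root / "owa" / "auth" / "error.aspx"
    err.write_text('<%@ Page Language="C#" %>\n<p>Error</p>\n')
    os.utime(err, (old, old))

    # Constructed one-line eval shell in a writable client directory.
    shell = root / "aspnet_client" / "system_web" / "shell.aspx"
    shell.parent.mkdir(parents=True)
    shell.write_text('<%@ Page Language="Jscript"%>'
                     '<%eval(Request.Item["pw"],"unsafe");%>')
    os.utime(shell, (now, now))
    return root, cutoff


if __name__ == "__main__":
    sample_root, sample_cutoff = build_sample_tree()
    for rel, why in scan_tree(sample_root, sample_cutoff).items():
        print(f"{rel}: {'; '.join(why)}")
```

The timestamp heuristic is the weaker of the two: an attacker can reset mtimes, and a shell can be written in many shapes the regexes do not match, so treat this as triage rather than proof of a clean server and compare any hits against the file paths and hashes Microsoft published for this campaign.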

Microsoft released out-of-band security updates this week for Exchange Server 2013, 2016 and 2019 and urged customers to install them immediately; Exchange is used primarily by business customers running their own mail servers. The company also said it had informed the appropriate US government agencies about the attacks.

Microsoft said the email system is used by organizations including companies, infectious disease researchers, defense contractors, law firms, NGOs, and universities. 

The purported Chinese hacking group is responsible for seizing control over hundreds of thousands of Microsoft Exchange servers worldwide, two anonymous cybersecurity experts told KrebsOnSecurity.

Chinese Foreign Ministry spokesman Wang Wenbin responded to Microsoft’s accusations in a Wednesday press briefing, saying there was not enough evidence to draw a conclusion on the Exchange hack’s origins, according to Bloomberg.

This is the eighth time in the last 12 months that Microsoft has publicly reported state-sponsored hacks.

White House Press Secretary Jen Psaki said in a press briefing on Friday that the weaknesses found in Microsoft’s Exchange Servers were “significant.” 

“We’re concerned that there are a large number of victims,” she added.

The Prague municipality and the Czech Ministry for Labor and Social Affairs were impacted by the Hafnium server breach, according to Reuters who cited a European cyber official briefed on the issue.


America built the world’s most sophisticated cyberweapons. Now they’re being used against the country, a new book argues.

Exercises on cyberwarfare and security during the NATO CWIX interoperability exercise on 22 June 2017 in Bydgoszcz, Poland. (Photo by Jaap Arriens/NurPhoto via Getty Images)
  • The US has long emphasized cyber offense over defense, Nicole Perlroth argues in a new book.
  • But now the weapons it developed are being used against it, The New York Times reporter said.
  • Perlroth told Insider the US needs to shore up its biggest vulnerability: critical infrastructure.

In March 2017, WikiLeaks published a trove of leaked CIA hacking tools. The agency’s internal report, obtained last year by The Washington Post, eventually blamed the CIA’s hackers for spending too much effort “building cyber weapons at the expense of securing their own systems.”

A month after the CIA tools leaked, a group called the Shadow Brokers dumped its fifth batch of hacking tools that it had stolen from the NSA’s elite “Tailored Access Operations” group. Those tools were then used by foreign actors to carry out extensive cyberattacks, including the infamous WannaCry attacks, whose targets included American companies and government agencies.

More recently, the SolarWinds supply-chain hack and an attempt by hackers to poison a Florida town’s water supply exposed just how vulnerable America is to cyberattacks on its home turf.

For decades, the US has had the most sophisticated arsenal of cyberweapons in the world. But America’s focus on building up its cyber offenses – and lack of focus on defensive measures – has increasingly become one of its biggest weaknesses, The New York Times reporter Nicole Perlroth argues in a new book. 

In “This Is How They Tell Me the World Ends: The Cyberweapons Arms Race,” Perlroth, who has covered cybersecurity for more than a decade, says other countries’ cyber capabilities have caught up to the US in recent years. At the same time, she argues, America’s critical infrastructure – because so much of it is owned by private companies and connected to the internet – has become a huge target for its adversaries.

“More nation-states and cybercriminals target the United States with cyberattacks than almost any other nation, and we’re the most vulnerable because we’re the most wired,” Perlroth said in an interview with Insider.

That wasn’t always the case, Perlroth said, adding that the US is largely to blame for the flood of attacks.

In 2010, the US and Israel used a computer worm known as Stuxnet to sabotage a substantial portion of Iran’s nuclear enrichment program, in what is widely considered the first cyber “use of force” that dealt damage in the physical world. Eventually, the code that powered the attack leaked online and hackers around the world – including in Iran – were able to reverse engineer it and re-deploy it for their own purposes.

According to Perlroth, that ignited a cyber arms race that hasn’t stopped.

“Since then, almost every government on earth with maybe the exception of Antarctica has pursued these programs,” Perlroth said. “And any government official will readily admit that the target of that attack – that Iran – caught up in terms of its capabilities for cyberattacks in a much shorter timeframe than we gave it credit for.”

Countries like Iran, Russia, China, and North Korea have poured massive amounts of resources into their cyber capabilities and have successfully hit American targets using tools originally built by the US and its allies as well as tools developed in-house. And because it’s so difficult to definitively attribute a cyberattack to a specific country, Perlroth said, the threat of the US retaliating with a strong offensive attack isn’t as strong of a deterrent as it is with conventional weapons.

“We don’t need to back off on offense,” she said. “But the thing is, if we’re going to pursue an offensive strategy, if we’re going to just keep hacking into our adversaries…then we need to make sure that our own grid and our own critical infrastructure isn’t vulnerable. And right now we’re incredibly vulnerable.”

The US has long neglected the security of critical infrastructure like power plants, hospitals, and airports, which hackers could infiltrate and wreak havoc on by shutting off power, deleting patient data, or causing planes to crash, according to Perlroth.

“These are all things that could happen simultaneously and would be in many ways more deadly than a bomb going off somewhere,” Perlroth said, adding that these threats are amplified by the fact that the private companies that own and operate the vast majority of US critical infrastructure, and vendors such as SolarWinds that supply their software, are first and foremost concerned with making money.

“The incentive has been get your product first to market, make your products easily accessible, not just to customers, but employees and contractors and vendors,” she said. Perlroth also said that, following the SolarWinds hack, the US government should “pause here and take inventory” of its own IT systems, including which software touches which networks, who makes it and where, and what security practices those vendors have in place.

Additionally, Perlroth says better information sharing is needed between the government and the private sector about constantly evolving cyber threats, something lawmakers alluded to in their recent grilling of executives from SolarWinds, Microsoft, FireEye, and CrowdStrike.

Ultimately, Perlroth said the US needs to better incentivize companies to prioritize security, both by requiring and rewarding good security practices through stricter legal requirements and tax credits, and by slapping fines on “companies whose passwords are ‘Solarwinds123.’”
