A Russian man has pleaded guilty to offering a Tesla employee a million dollars to paralyze the plant of the electric vehicle company in Nevada with rescue software in an extortion plan
RENO, Nevada – A Russian man has pleaded guilty in the United States to offering a Tesla employee a million dollars to paralyze the Nevada electric company’s massive electric battery plant with a rescue program and stealing company secrets by extortion, prosecutors and court records reported.
In a case that cybersecurity experts considered exceptional for the risks he took, Egor Igorevich Kriuchkov pleaded guilty Thursday in U.S. District Court in Reno. His court-appointed federal attorney, Chris Frey, declined to comment Friday.
Prosecutors alleged that Kriuchkov acted on behalf of co-conspirators abroad and tried to use face-to-face bribery to recruit an insider to physically plant a ransomware, which mixes data into specific networks and can only be unlocked. with a software key provided by the attackers. . Typically, ransomware gangs operating from secure shelters hack into victims ’networks over the Internet and download data before activating the ransomware.
“The fact that this risk was taken could, perhaps, suggest that it was an intelligence operation aimed at obtaining information rather than an extortion operation aimed at obtaining money,” said Brett Callow, an analyst. cybersecurity company antivirus software company Emsisoft.
“It’s also possible that criminals thought the bet was worth it and decided to roll the dice,” Callow said.
Charles Carmakal, technical director of cybersecurity company FireEye, agreed. “You could have done it from thousands of miles away without risking any assets,” he said.
The FBI said the plot was stopped before any damage occurred.
Kriuchkov, 27, told a judge in September he knew the Russian government knew about his case. But prosecutors and the FBI have not been linked to the Kremlin. Kriuchkov is in federal custody at the Washoe County Jail in Reno.
His guilty plea for conspiring to cause intentional damage to a protected computer could have resulted in up to five years in prison and a $ 250,000 fine. But he is expected not to face more than ten months under the terms of his written grievance agreement.
He has been in custody for seven months since his arrest in August in Los Angeles. Federal authorities said he had headed to an airport to fly out of the country.
“The rapid response of the company and the FBI prevented a major leak of data from the victim company and stopped the extortion scheme from its inception,” the deputy attorney general said in a statement. functions, Nicholas McQuaid. “This case highlights the importance of companies presenting themselves to law enforcement and the positive results when they do.”
Tesla CEO Elon Musk has acknowledged that his company was the target of what he described as a serious effort to gather company secrets. Tesla has a massive factory near Reno that manufactures batteries for electric vehicles and energy storage units. Company representatives did not immediately respond to messages on Friday.
Court documents indicate that Kriuchkov was in the United States for more than five weeks last July and August with a Russian passport and tourist visa when he tried to recruit an employee of what was identified as “Company A” for install software that would allow you to hack your computer.
The employee, who was not identified, had to receive payments with the Bitcoin digital cryptocurrency.
No other alleged co-conspirator was charged in the case. Some were identified in a criminal complaint by nicknames, including Kisa and Pasha, and one person is identified as Sasha Skarobogatov.
Some meetings were monitored and recorded by the FBI, according to court documents. It is not clear from court records whether the money changes hands.
In court documents, Kriuchkov was quoted as saying that indoor work would be camouflaged with a distributed denial of service attack on plant computers from outside. These attacks overwhelm servers with junk traffic. If Tesla did not pay, the published data would be dumped on the open Internet.
The documents also said Kriuchkov claimed to the potential recruit that he had executed similar “special projects” at other companies on several occasions, with one victim allegedly making a $ 4 million ransom payment.
————
Ritter reported from Las Vegas. Bajak reported from Boston. Sonner reported from Reno.