A Russian man pleaded guilty to offering a Tesla employee $ 1 million to paralyze the electric car company’s Nevada plant with ransomware in an extortion scheme.
RENO, Nevada – A Russian man pleaded guilty in the United States to offering a Tesla employee $ 1 million to disable the electric car company’s massive electric battery plant in Nevada with ransomware and stealing company secrets for extortion. prosecutors and court records said.
In a case that cybersecurity experts called exceptional because of the risks he took, Egor Igorevich Kriuchkov pleaded guilty Thursday in the United States District Court in Reno. His court-appointed federal public defender, Chris Frey, declined to comment on Friday.
Prosecutors alleged that Kryuchkov acted on behalf of co-conspirators abroad and attempted to use face-to-face bribery to recruit an insider to physically plant ransomware, which encrypts data on specific networks and can only be unlocked with a key. of software provided by the attackers. . Ransomware gangs operating from safe havens typically hack into victim networks across the Internet and download data before activating the ransomware.
“The fact that such a risk was taken could perhaps suggest that it was an intelligence operation aimed at obtaining information rather than an extortion operation aimed at obtaining money,” said Brett Callow, the company’s cybersecurity analyst. Emsisoft antivirus software.
“It’s also possible that the criminals thought the gamble was worth it and decided to roll the dice,” Callow said.
Charles Carmakal, technical director at cybersecurity firm FireEye, agreed. “It could have potentially done it from thousands of miles away without risking any assets,” he said.
The FBI said the plot was stopped before any damage occurred.
Kryuchkov, 27, told a judge in September that he knew the Russian government was aware of his case. But prosecutors and the FBI have not alleged ties to the Kremlin. Kriuchkov is in federal custody at the Washoe County Jail in Reno.
His guilty plea of conspiracy to intentionally damage a protected computer could have led to up to five years in prison and a $ 250,000 fine. But he is expected to face no more than 10 months under the terms of his written plea agreement.
He has been in detention for seven months, since his arrest in Los Angeles in August. Federal authorities said he was heading to an airport to fly out of the country.
“The rapid response of the company and the FBI prevented a major exfiltration of the victim company data and stopped the extortion scheme from its inception,” Acting Deputy Attorney General Nicholas McQuaid said in a statement. “This case highlights the importance of companies making themselves known to law enforcement and the positive results when they do.”
Tesla CEO Elon Musk has acknowledged that his company was the target of what he called a serious effort to collect company secrets. Tesla has a huge factory near Reno that makes batteries for electric vehicles and energy storage units. Company representatives did not immediately respond to messages on Friday.
Court documents say Kryuchkov was in the United States for more than five weeks in July and August on a Russian passport and tourist visa when he tried to hire an employee of what was identified as “Company A” to install software. that would allow a hacking.
The employee, who was not identified, was to receive payments in the digital cryptocurrency Bitcoin.
No other alleged conspirators were charged in the case. Some were identified in a criminal complaint with nicknames like Kisa and Pasha, and one person identifies himself as Sasha Skarobogatov.
Some meetings were monitored and recorded by the FBI, according to court documents. It was not clear from court records if the money changed hands.
In court documents, Kryuchkov was quoted as saying that internal work would be camouflaged with a distributed denial of service attack on the plant’s computers from the outside. Such attacks overwhelm servers with junk traffic. If Tesla didn’t pay, the stolen data would be downloaded over the Internet.
The documents also said that Kryuchkov claimed to the potential recruit that he had executed similar “special projects” at other companies on multiple occasions, and that a victim allegedly delivered a $ 4 million ransom payment.
————
Ritter reported from Las Vegas. Bajak reported from Boston. Sonner reported from Reno.