Tesla, the automotive company, was the victim of a cryptojacking attack as their Amazon cloud account was compromised and used to mine cryptocurrency.
Even the largest and most technologically advanced companies can be vulnerable to being hacked. Case in point is the pioneering electric car company, Tesla, owned by tech billionaire Elon Musk. They were recently the target of a cryptojacking attack that saw their Amazon cloud account compromised and used to mine cryptocurrency.
Security Not up to Snuff
A hacker, or group of hackers, hijacked an IT administrative console belonging to Tesla that had no password protection. The cybercriminals then used sophisticated scripts to begin mining for cryptocurrency.
The hack was discovered by RedLock, a cybersecurity firm. Apparently, researchers for RedLock were tracking down which groups had left their Amazon Web Services credentials openly exposed on the internet. One of the groups that RedLock found was Tesla.
Of the hack, a Tesla spokesman says:
We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it..
The impact seems to be limited to internally used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.
Crafty Hackers
RedLock notes that the hackers exposed an Amazon “simple storage service” (S3) bucket that held telemetry, mapping, and vehicle servicing data for Tesla. It appears that individual information was not accessed, but the CEO of RedLock, Varun Badhwar, says that they “didn’t try to dig in too much” and instead alerted the car company.
Badhwar says that the hackers were pretty crafty in hiding their tracks. They made sure to lower the CPU usage demanded by the Stratum software they were using for cryptocurrency mining. This allowed the mining to be virtually undetected. The hackers also kept their internet addresses secret by hiding behind the services of a content delivery service, CloudFlare.
Overall, it is unknown what cryptocurrency the hackers mined for. The current popular choice is Monero. The amount of cryptocurrency mined by the hackers is also unknown.
For their efforts, RedLock were given $3,133.70 by Tesla as part of the company’s bounty program to reward outside hackers who find flaws in their system. The amount is a reference to 1337, which is old hacker slang for elite.
Tesla is not alone in being the victim of cryptojacking. RedLock estimates that 58% of businesses that use public cloud services have exposed “at least one cloud storage device” to the public. Of that amount, the cybersecurity firm says a full 8% have had cryptojacking incidents.
Do you think companies like Tesla can do more to protect themselves from cryptojacking attacks? Let us know in the comments below.
Images courtesy of Flickr/@Maurizio Pesce, Pixabay, and Flickr/@JD Lasica.