Tesla Is the Newest Crypto-Jacking Victim
The hack was discovered by cybersecurity firm Red Lock, which recently stated that the company’s Amazon Web services (AWS) account had been overtaken by individuals seeking to mine cryptocurrencies. The attack ultimately led to some of the company’s data being compromised.
This is the latest example of what can be considered a standard crypto-jacking case. As we all know by now, crypto-jacking has become very common in the digital asset arena, and involves hackers taking over a user’s computer or computer network to potentially mine cryptocurrency without their knowledge or consent. Typically, Monero – given its quasi-anonymous properties – is the main target of crypto-jacking thieves, though at press time, it’s unclear if Monero was mined through Tesla’s account.
Once the hacker has infiltrated the device or devices, they are able to extract new coins utilizing the owner’s electricity. They rake in quite a profit while the original owner earns nothing except high energy bills each month.
A spokesperson for Tesla states that customer data remains safe and secure following the hack:
We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.
Red Lock, which claims to have come across Tesla’s issue by chance, was paid a $3,000 bounty by the company to fix the problem. At the time of writing, the firm has been unable to track down the hackers. It is also unsure of how much money was taken.
In a separate statement, Red Lock’s CTO Gaurav Kumar believes that crypto-jacking and attacks of this nature are likely to continue for some time, as many computer networks simply don’t have the security means of protecting themselves against it. He states:
Given the immaturity of cloud security programs today, we anticipate this type of cybercrime to increase in scale and velocity.
That’s a scary thought when one really considers the circumstances. With the introduction of cloud technology and machine-learning to our networking systems, one must realize that while newer, stronger software has been established, it has also left doors open for new kinds of attacks.
How Can We Protect Ourselves?
In addition, cryptocurrency, while still relatively new to the financial arena, still has ten years under its belt, so the idea that barriers against something like crypto-jacking haven’t been established leaves a lot of room for improvement.
According to Red Lock, the hackers infiltrated Tesla’s account by infiltrating a Kubernetes console, which is a type of Google-established software application. They then “ran scripts” to mine digital assets.