February 21, 2018

Tesla’s Cloud Account Hacked to Mine Cryptocurrency

Tesla’s cloud environment has been exploited by hackers who used its computational power to mine cryptocurrency and gained access to some sensitive data belonging to the electric car maker.

The incident was first discovered by RedLock security researchers, who revealed Tesla to be the organization behind an AWS (Amazon Web Services) account left open in the public domain. The researchers also found data in the account leading them to an unsecured Kubernetes container console that had enabled hackers to access Tesla’s AWS cloud environment.

Kubernetes is an open source platform used to automate, manage and scale containerized applications. Tesla’s console specifically contained access credentials to the company’s AWS environment.

Researchers wrote:

In Tesla’s case, the cyber thieves gained access to Tesla’s Kubernetes administrative console, which exposed access credentials to Tesla’s AWS environment. Those credentials provided unfettered access to non-public Tesla information stored in Amazon Simple Storage Service (S3) buckets.

Upon digging further, the researchers discovered cryptocurrency mining scripts operating on Tesla’s container console, siphoning computing power to mine and profit from cryptocurrency.

The hackers also kept their activity, commonly known as ‘cryptojacking’, under wraps by installing mining pool software instead of using a public mining pool, then directing the script to connect to an unlisted endpoint. This makes the activity difficult to catch for threat detection systems that rely on spotting suspicious IP addresses.

Furthermore, the research team observed that Tesla’s cloud environment wasn’t showing high CPU usage, as the hackers had most likely configured the mining software to run on low resources to evade detection.

Researchers added:

The hackers also hid the true IP address of the mining pool server behind CloudFlare, a free content delivery network (CDN) service. The hackers can use a new IP address on-demand by registering for free CDN services. This makes IP address based detection of crypto mining activity even more challenging.

The researchers promptly reported the incident to Tesla and the issue was rectified ‘quickly’ after.


About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
