Hackers Broke Into Tesla’s Amazon Cloud System To Secretly Mine Cryptocurrency

Hackers Tesla Amazon Secretly Mine Cryptocurrency

Katherine Welles / Shutterstock.com

If you had any doubt that cryptocurrency is the future of money, first off, (A) STEVEN SEAGAL is totally into it, and (B) do you ever hear about hackers using other people’s computers, phones, and cloud services to make REAL money? No, you don’t. They only do that for the cool new virtual currencies like Bitcoin, Litecoin, Ethereum and others.

Heck, when Russian scientists are using the supercomputer at their nuclear warhead facility to mine cryptocurrency, you know it’s legit.

So this news that hackers hijacked Tesla’s Amazon Web Services (Tesla!) account and used their cloud computing capacity to secretly mine cryptocurrency should really come as no surprise. It ain’t cheap to mine fake, I mean, virtual money.

According to CNBC

Hackers were able to infiltrate the automaker’s Kubernetes administration console because it was not password protected, cybersecurity firm RedLock said Tuesday. Kubernetes is a Google-designed system aimed at optimizing cloud applications.

This left access credentials for Tesla’s Amazon Web Services (AWS) account exposed, and hackers deployed cryptocurrency mining software called Stratum to mine cryptocurrency using the cloud’s computing power.

British insurer Aviva and Dutch SIM-maker Gemalto were also affected by similar issues with hacking.

“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it,” stated a spokesperson for Tesla via email.

“The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”

Hackers Tesla Amazon Mine Cryptocurrency

PixieMe / Shutterstock.com

Cybersecurity firm RedLock, who discovered the Tesla cryptojacking, noted “some sophisticated evasion measures that were employed in this attack.”

— Unlike other crypto mining incidents, the hackers did not use a well known public “mining pool” in this attack. Instead, they installed mining pool software and configured the malicious script to connect to an “unlisted” or semi-public endpoint. This makes it difficult for standard IP/domain based threat intelligence feeds to detect the malicious activity.

— The hackers also hid the true IP address of the mining pool server behind CloudFlare, a free content delivery network (CDN) service. The hackers can use a new IP address on-demand by registering for free CDN services. This makes IP address based detection of crypto mining activity even more challenging.

— Moreover, the mining software was configured to listen on a non-standard port which makes it hard to detect the malicious activity based on port traffic.

— Lastly, the team also observed on Tesla’s Kubernetes dashboard that CPU usage was not very high. The hackers had most likely configured the mining software to keep the usage low to evade detection.

The best part? RedLock CTO Gaurav Kumar said about the attack, “In our analysis, cloud service providers such as Amazon, Microsoft and Google are trying to do their part, and none of the major breaches in 2017 was caused by their negligence.”

So basically, they did everything expected of them and hackers are still having their way. Cool!

Douglas Charles headshot avatar BroBible
Before settling down at BroBible, Douglas Charles, a graduate of the University of Iowa (Go Hawks), owned and operated a wide assortment of websites. He is also one of the few White Sox fans out there and thinks Michael Jordan is, hands down, the GOAT.