Tesla is the latest victim of what's known as cryptojacking, which is when a company is hacked and its resources used to mine cryptocurrency. In this case, hackers were able to break into Tesla's Amazon cloud account
Cybersecurity startup RedLock Cloud Security Intelligence (yes, that would be CSI) discovered the intrusion last month. Or more accurately, it stumbled upon the intrusion while investigating Kubernetes administration consoles being accessible over the internet due to a lack of password protection. These consoles are designed to help IT admins manage virtual machines.
"A couple of the instances belonged to Aviva, a British multinational insurance company, and Gemalto, the world’s largest manufacturer of SIM cards. Within these consoles, access credentials to these organizations’ Amazon Web Services (AWS) and Microsoft Azure environments were exposed. Upon further investigation, the team determined that hackers had secretly infiltrated these organizations’ public cloud environments and were using the compute instances to mine cryptocurrencies," RedLock said.
This eventually led RedLock to Tesla's account. The company notes that the attack on Tesla's cloud account was similar to the ones at Aviva and Gemalto, but with some notable differences.
"The hackers had infiltrated Tesla’s Kubernetes console which was not password protected. Within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry," RedLock says.
The hackers used one of the pods to mine crytpocurrency. To avoid detection, the hackers did not use any well known public mining pools, and instead installed their own software with a malicious script to connect to an unlisted or semi-public endpoint. They also hid the true IP address of their custom mining pool server behind CloudFlare, a free content delivery network (CDN) service.
"We maintain a bug bounty program to encourage this type of research," a Tesla spokesperson told Fortune, adding that it began addressing the vulnerability "within hours of learning about it."
"The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way," the spokesperson said.
According to RedLock's data, around 58 percent of organizations use public cloud services. Of those, 8 percent have fallen prey to cryptojacking.
This has become a growing threat and probably won't disappear anytime soon. That's especially true with Bitcoin being on the rebound from its recent tumble. At the time of this writing, Bitcoin is trading at nearly $11,700, after dipping to below $7,000 earlier this month.