While Elon Musk’s SpaceX rocket was blasting off into space on its multi-million-mile journey past Mars, there was trouble brewing in one of his other enterprises slightly closer to home. Musk’s electric car company Tesla had been hacked. And while his red Tesla Roadster was beaming a message of “Don’t Panic” back to Earth, there was plenty of panic going on back in Tesla’s HQ in Palo Alto. This wasn’t concern that the red Roadster was going to smash back into Earth earlier than planned (really, don’t panic—that’s not scheduled to happen for another several 100 million years). No, the panic was much more humdrum—Tesla’s cloud servers had been hacked, but not to steal sensitive design or marketing information. In fact, what the hackers were after was pure, raw computing power to aid in the new practice called cryptocurrency mining.
On Tuesday, February 6th, 2018, Elon Musk’s extra-terrestrial space travel company Space Exploration Technologies Corp., aka “SpaceX” launched its Falcon Heavy spaceship on a rocket trip to Mars. Part of the ship’s payload included Musk’s personal, open-topped red Roadster. It had to be open-topped so that everyone could see the fellow (again, don’t panic—it was a manikin) driving the car. The driver was nicknamed “Starman” in tribute to pop idol David Bowie’s 1972 hit. But while the rocket was reaching speeds of up to 18,000 miles per hour, there were criminals back down on Earth intent on stealing something from Musk’s other hugely successful electric car company, Tesla.
One week after the rocket launch, RedLock, a software company based in Bengaluru, India, via its Cloud Security Team (yes, really, CSI) told Tesla that they had been hacked. And while Tesla did the right thing by addressing the vulnerability as soon as was physically possible, the damage to the Company’s reputation had been done. When the intrusion was exposed, it appeared that Tesla was running many hundreds of open-source networks, which had not been secured with password protection. As a result, the hackers were able to access that portion of Internet giant Amazon’s Web Services (AWS) leased out to Tesla. In a move designed to mitigate the damage, Tesla assured its customers and shareholders that no evidence had been found that customer privacy had been broached, nor the safety of Tesla drivers compromised. The Company announced that the breach had been caught and repaired within a matter of hours after the leak was discovered. Further investigation revealed that the infiltration had only affected test cars that had only ever been used within the confines of the Company itself.
First impressions of cyber attacks like the one at Tesla’s company in California had been that the criminals were trying to access Company secrets. However, it was later shown that what the hackers were intent on stealing was the significant computer processing resources that the company has at its disposal. This attack bore the clear hallmark of many similar attacks over the past two years, which paralleled the rise in activity and interest in cryptocurrencies like Bitcoin and Ethereum. These cryptocurrencies are so-named due to the “crypto” or “hidden” procedures used in the ledger process called blockchaining. This process requires multiple confirmation of any cryptocurrency trades performed on the blockchain by individuals using complex algorithms that demand extreme levels of computing power to resolve. The individuals performing such activities are called cryptocurrency miners.
In the case of the Tesla infiltration, after all the dust had settled, it became clear that the hackers had not been searching for Tesla’s new car battery designs or marketing plans, but that their goal had been to steal Tesla’s cloud computing resources. And while the security around public cloud network services remains as weak as they have been reported in the tech media, these attacks are likely to increase in intensity and number in the future.
Curtailing Cryptojacking Attacks
So, can anything really be done to prevent such cryptojacking attacks? RedLock’s CTO, Mr. Gaurav Kumar stated that “…in particular, organizations’ public cloud environments are ideal targets due to the lack of effective cloud threat defense programs. In the past few months alone, we have uncovered a number of cryptojacking incidents including the one affecting Tesla.” Another high-profile attack, similar to that experienced by Tesla, occurred with coffee chain Starbucks. Further examples of cryptomining attacks are listed in this report. RedLock’s research shows that of all of the companies tested for potential cryptojacking vulnerabilities, 16% had user accounts that had potentially been compromised, while an estimated 58% were publicly exposed to at least one cloud storage service. Further analysis suggests that approximately 10% of companies will face attack from cryptojackers in the coming 12 months, the majority of which are likely to go undetected due to a lack of effective network monitoring. Additionally, the Indian company’s research indicated that almost 70% of networked databases are unencrypted.
However, ways of countering such attacks do exist. These involve strategies combining the resources of cloud management services such as Amazon, Microsoft, and Google and those of private companies like Tesla and Starbucks. Once companies realize that the responsibility for these attacks impacts the reputations and ultimately the finances of both organizations, then effective mitigation for these attacks is within reach. Using procedures that check for anomalous network behavior, unorthodox system configurations, and host vulnerabilities, defenses against cryptojacking attacks are possible and inevitable. Add to this, efforts being made by communications service providers (CSPs) to secure incoming and outgoing traffic through their networks, then it is clear that the window for this particular form of cybercrime will be short-lived.