Úno 21

Tesla’s Amazon Cloud Account Hacked to Mine Cryptocurrency

· February 21, 2018 · 10:30 am

Tesla, the automotive company, was the victim of a cryptojacking attack as their Amazon cloud account was compromised and used to mine cryptocurrency.

Even the largest and most technologically advanced companies can be vulnerable to being hacked. Case in point is the pioneering electric car company, Tesla, owned by tech billionaire Elon Musk. They were recently the target of a cryptojacking attack that saw their Amazon cloud account compromised and used to mine cryptocurrency.

Tesla car

Security Not up to Snuff

A hacker, or group of hackers, hijacked an IT administrative console belonging to Tesla that had no password protection. The cybercriminals then used sophisticated scripts to begin mining for cryptocurrency.

The hack was discovered by RedLock, a cybersecurity firm. Apparently, researchers for RedLock were tracking down which groups had left their Amazon Web Services credentials openly exposed on the internet. One of the groups that RedLock found was Tesla.

Of the hack, a Tesla spokesman says:

We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it..

The impact seems to be limited to internally used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.

Crafty Hackers

RedLock notes that the hackers exposed an Amazon “simple storage service” (S3) bucket that held telemetry, mapping, and vehicle servicing data for Tesla. It appears that individual information was not accessed, but the CEO of RedLock, Varun Badhwar, says that they “didn’t try to dig in too much” and instead alerted the car company.

Elon Musk

Elon Musk

Badhwar says that the hackers were pretty crafty in hiding their tracks. They made sure to lower the CPU usage demanded by the Stratum software they were using for cryptocurrency mining. This allowed the mining to be virtually undetected. The hackers also kept their internet addresses secret by hiding behind the services of a content delivery service, CloudFlare.

Overall, it is unknown what cryptocurrency the hackers mined for. The current popular choice is Monero. The amount of cryptocurrency mined by the hackers is also unknown.

For their efforts, RedLock were given $3,133.70 by Tesla as part of the company’s bounty program to reward outside hackers who find flaws in their system. The amount is a reference to 1337, which is old hacker slang for elite.

Tesla is not alone in being the victim of cryptojacking. RedLock estimates that 58% of businesses that use public cloud services have exposed “at least one cloud storage device” to the public. Of that amount, the cybersecurity firm says a full 8% have had cryptojacking incidents.

Do you think companies like Tesla can do more to protect themselves from cryptojacking attacks? Let us know in the comments below.

Images courtesy of Flickr/@Maurizio Pesce, Pixabay, and Flickr/@JD Lasica.

Show comments

Led 04

Over 860,000 Have Signed Up to Mine the Venezuelan Petro

· January 4, 2018 · 6:30 am

President Nicolas Maduro announces that 860,811 young people have registered to mine the Petro, the new national cryptocurrency of Venezuela.

Paper Virtually Worthless

Economically, Venezuela has been in terrible shape for a number of years. The failed socialist policies of Hugo Chavez and Nicolas Maduro have destroyed the national economy, caused massive hyperinflation, and led to a humanitarian crisis where food and medicine are in short supply.

In such times, many have turned to mining Bitcoin in order to survive, but such individualistic practices are not supported by the national government. Maduro declared last December the creation of a national cryptocurrency called the Petro, and he recently announced that 860,811 young people have registered to mine the new virtual currency.

Mandatory Registry and the Creation of the Petro

It was just last month that Bitcoin miners had to join an online registry in order to legally keep mining. Some argued that the registry offered legal protection to miners. However, some cynical folks thought that such a registry would just serve to give the state a list of names and places to keep tabs on and, possibly, eventually confiscate mining tech. There have been quite a few reports of police and government authorities seizing mining computers and using them for their own gain.

Into the economic maelstrom of woe came a new hope. President Maduro announced in December 2017 the creation of the Petro cryptocurrency. This new virtual currency would allow the country to help negate the effects of US-led sanctions and would be based on the country’s stock of gold and diamond holdings, as well as over 5 billion barrels of oil. In his announcement of the Petro, Maduro said:

Venezuela will create a cryptocurrency … the ‘petro’, to advance issues of monetary sovereignty, make financial transactions and overcome the financial blockade … This is going to allow us to move toward new forms of international financing for the country’s economic and social development.

Crude Oil to Support Venezuela’s Petro Cryptocurrency

Tapping the Youth

It appears that Venezuela is going full-bore on mining Petro. Supposedly 860,811 young people have signed up to begin mining the cryptocurrency. The government seems focused on incorporating young people into the project, probably due to their increased familiarity with the crypto world. These young people are going to be tasked with setting up mining farms.

Of this project, President Maduro notes:

We are going to call them, a special cryptocurrency team, to set up mining criptomenoda farms in all the states and municipalities of the country.

So it appears that the government will be setting up their own mining farms. One wonders how many confiscated computers are being used for such an endeavor. Of the over 860K signups, it’s reported that 300,000 are already in “productive tasks,” whatever that means. It would be interesting to see how many of the over 860K signups also appeared on the mandatory registry list.

What do you think about the Petro mining project? Will the coin achieve any level of value? Let us know your thoughts in the comments below.

Images courtesy of Pixabay, Shutterstock