【】

There's digital gold in them thar computers, and hackers are digging their way in.

Tesla is hailed as a cutting-edge company known for setting the agenda in its field, but when it comes to being the victim of malicious hackers hijacking its computer resources to mine cryptocurrency, it turns out it's just like everyone else.

According to cloud security company RedLock, Tesla has joined the growing list of companies that have been subjected to what experts call cryptojacking — a practice involving the theft of computer processing power to mine cryptocurrencies like bitcoin or Monero.

Hackers reportedly took control of Tesla’s (non-password protected) Kubernetes console — something that helps to administer a Google-designed "managed environment for deploying containerized applications" — and installed and ran crypto-mining software.

The report leaves some big questions unanswered, such as what mining software was used and what cryptocurrency was being mined. In the past, Coinhive has made a lot of news for mining Monero — the preferred cryptocurrency of criminals as it is seen to offer more anonymity than Bitcoin — on unsuspecting victims' computers. Just recently, Salon announced it would mine Monero on some visitors' computers.

Interestingly, whoever was behind the Tesla hack went to great pains to cover their tracks. According to RedLock, "the hackers had most likely configured the mining software to keep the [CPU] usage low to evade detection." Unexplained spiking CPU usage is often seen as a red flag for potential cryptojacking.

What's more, the attackers also "hid the true IP address of the mining pool server behind CloudFlare, a free content delivery network (CDN) service."

Basically, whoever was behind this really didn't want to get caught (surprise), and had some great tricks up their sleeve to evade detection. Perhaps they just really wanted to combine their love of Tesla and hodling bitcoin?

Tweet may have been deleted

RedLock reported its discoveries to Tesla, which quickly worked to rectify the situation. It also paid out a small bug bounty to the company, reports Fortune.

“We maintain a bug bounty program to encourage this type of research,” a company spokesperson explained to the publication.

While the security team at Tesla (with RedLock's help) was eventually able to lock this down, there is one type of cryptocurrency mining no amount of security hygiene will be able to stop — using power from the Supercharger network to run a mining rig.

But oh well, you have to start somewhere.

最新评论