
Tesla and FBI prevented $1M ransomware hack - noahmbarr
https://electrek.co/2020/08/27/tesla-fbi-prevent-ransomware-hack-gigafactory-nevada/
======
elliekelly
Buried in the footnotes of the criminal complaint:

> CHS1 [Confidential Human Source] is cooperating with the FBI because of
> patriotism to the United States and a perceived obligation to Victim Company
> A. CHS1 has not asked for and has not been offered any form of payment,
> including consideration regarding immigration or citizenship.

Does that mean this person is a foreign national? Would it be risky for this
person to return home (perhaps to Russia?) after assisting the US government
in this way?

~~~
nexuist
From the sounds of it, CHS1 is probably a Russian national. I'm honestly
surprised s/he hasn't asked for compensation or a visa; although we don't know
who they are, the ransomware group certainly does, and I would be scared they
are plotting revenge (especially if they end up having to leave the US).

If I were the FBI I would be putting this dude in witness protection and
building them a new identity.

------
ahale13
I love reading stories about good people who step up and do what’s right. It
seems most of today’s media is slanted to highlight those people who make the
immoral, self-serving choice. Thank you, Tesla employee. Thank you for doing
the right thing.

------
toomuchtodo
Additional context:

[https://news.clearancejobs.com/2020/08/26/tesla-insider-works-with-fbi-to-turn-the-tables-on-russias-million-dollar-attempt-to-hijack-the-network/](https://news.clearancejobs.com/2020/08/26/tesla-insider-works-with-fbi-to-turn-the-tables-on-russias-million-dollar-attempt-to-hijack-the-network/)

[https://www.justice.gov/opa/pr/russian-national-arrested-conspiracy-introduce-malware-nevada-companys-computer-network](https://www.justice.gov/opa/pr/russian-national-arrested-conspiracy-introduce-malware-nevada-companys-computer-network)

------
techslave
Very interesting.

we _often_ theorize about / present a threat model of an insider becoming
malicious in exactly this way. rare that we hear of it actually occurring.

the number used in such threat modeling scenarios is typically $1MM. maybe we
need to up that to $4.5MM. (per TFA)

note the simplification in the headline: the $1MM was merely the insider’s
share, not the proposed ransomware amount.

~~~
joemazerino
The CWT ransom was 4.5M. Strange considering the Russians are willing to give
the attack method 25% of the (previous) take home.

------
ericalexander0
Sign of a new trend? Most ransomware teams use traditional tactics: phishing
to establish a beachhead, pivot to hunt down admin creds, game over. Some teams
make opportunistic use of perimeter vulnerabilities (i.e. Pulse VPN).

Most companies struggle with basic security controls like patching. Very few
would survive insider threats with admin creds.

------
Ansil849
I really wish sites would stop using Scribd to host primary documents, which
requires an account to be able to download them. Use something like
DocumentCloud instead, which is both leaner and does not require an account to
download files.

