Slashdot Mirror
Hackers Hijacked Tesla's Amazon Cloud Account To Mine Cryptocurrency
An unidentified hacker or hackers broke into a Tesla-owned Amazon cloud account and used it to "mine" cryptocurrency, security researchers said. The breach also exposed proprietary data for the electric carmaker. From a report: The researchers, who worked for RedLock, a 3-year-old cybersecurity startup, said they discovered the intrusion last month while trying to determine which organization left credentials for an Amazon Web Services (AWS) account open to the public Internet. The owner of the account turned out to be Tesla, they said. "We weren't the first to get to it," Varun Badhwar, CEO and cofounder of RedLock, told Fortune on a call. "Clearly, someone else had launched instances that were already mining cryptocurrency in this particular Tesla environment." The incident is the latest in a string of so-called cryptojacking attacks, which involve thieves hijacking unsuspecting victims' computers to generate virtual currencies like Bitcoin. The schemes have seen a resurgence in popularity as cryptocurrency prices have soared over the past year. In a statement, Tesla said, "We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it. The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way."
Obviously, we can now never trust any tesla car again. Because unidentified unknown unknowable hackers! With unidentified unknown unknowable hacks, and their unbelievably hacky hacking! So hacky, these unidentified unknown unknowable hackers! SO!
Hackers Hijacked Tesla's Amazon Cloud Account... is more clear. The original reads like Tesla hacked Amazon.
TFA says unidentified hackers, not Tesla hackers.
The impact seems to be limited to ...
If this were Microsoft, you assholes would be all in a huff. But it's Tesla/Musk - the religion of dorks.
Make Donald crunch some bitcoin math in his prison cell to compensate the victims. Longhand.
I can assure you the only "proprietary data" Musk is holding is accounting discrepancies. LOL
I can't wait for the inevitable story of hackers getting into some manufacturers vehicle network (be it Tesla, Mopar, Ford, or GM) and using the ECM in the cars themselves to mine bitcoin. Or would the infotainment system processor better designed for bitcoin mining?
I doubt Tesla has any technology that would really be considered earth-shattering considering that the motor and electrical systems are not exactly unknown / cutting edge technology. Maybe a slight problem would be loss of strategic initiatives if there were any from the business side of things. A bigger problem would be paying for processing time from Amazon which is the equivalent of the hackers leeching cash and resources from Tesla. I'm somehwhat surprised thou that Amazon cloud being an obvious target of people trying to do this wouldn't have a security team that would be on the lookout of things like this. Surely it would be easy to write the equivalent of a viral scanner to look for cryptocoin algorithms and alert the owners "Ooops, you're crunching cryptocoins, have you been hacked?".
And here is today's attack that was not prevented by APK's work. APK is now trying desperately to see how he can claim that hosts could have prevented this but will instead just spam some ads for his work.
As much as everyone keeps cramming the cloud down everyone's PC as if its the only way to store data. How many times does it have to be hacked before we accept that its not that secure. Maybe some just feel they have no choice but to store in a cloud system, but obviously even AWS is not the best at securing data. Having access to possible information to tamper with software in cars is very dangerous, and another lesson on why self driving technology could be compromised by such access.
Wrong - Already got coinmining servers in my hosts file (long ago) you're pissed I burnt you here https://hardware.slashdot.org/comments.pl?sid=11761710&cid=56153412/ & here too https://yro.slashdot.org/comments.pl?sid=11731129&threshold=-1&commentsort=0&mode=thread&pid=56108241/ on that SAME account (already blocked threat servers in hosts)!
* "2 for the price of 1" & THIS is your "3rd strike 'yer out'" you UNIDENTIFIABLE troll chump!
APK
P.S.=> Thanks for making me look GOOD (albeit @ YOUR expense - not that you care - you're just an unidentifiable troll worm - public embarassment for you has been your WAY OF LIFE since birth, lol!)... apk
If so-called cryptocurrencies are really good innovation, why they attract so many criminals/criminal activity? :-)
Could it really be because, all cryptocurrencies themselves are scams and that is why they attract all kinds of criminals to the party?
If so-called cryptocurrencies are really currency, why no company/store can use Bitcoin as currency anymore?
Because the price of Bitcoin proved to be extremely unstable to use as a currency?
Would the result be different, if Bitcoin replaced by any other "cryptocurrency"?
Aren't all work the same way?
Or, they are not actually virtual currency but virtual investment?
But, if they are actually investment, why we need/want them?
What would happen to world economy, if people invested in virtual investments, instead of real investments?
Or, all so-called cryptocurrencies are actually just a modified (made decentralized and paying variable interest) Ponzi Schemes?
(Price of cryptocurrencies would keep increasing in the long term (by their design), so it is equivalent of paying variable interest to all long term investors.)
As more and more people invest in cryptocurrencies, it will become harder and harder to ban their trading everywhere!
All cryptocurrencies need to be banned globally before it is too late!
No C&C or mining server communique's possible if hosts block them from client malwares/scripts, dumbfuck! Any "attack" is USELESS then + I additionally block WHERE they client malware OR script is from too stupid fuck: There IS no way to be infected by it in the 1st place, stupid - you lose as always!
* People here have seen me do it LITERALLY 100's of times - You're failing @ every turn!
APK
P.S.=> I love how you EFFETELY & pitifullly TRY to "frame the narrative" with your "so YOU'RE SAYING" (I said what I just said just NOW above MANY TIMES on /. & elsewhere, you dumb fuck) - I'm now saying you are an UNIDENTIFIABLE stupid anonymous bitch too...apk
As if we needed another reason to ban cryptocurrency... but there it is.
Because someone hacked into Tesla's AZM account is no reason to ban cryptocurrencies.
Retard Alexander Peter Kowalski fails again to understand basic english, or how attacks happen.
Hosts would not have stopped the initial attack, nor would it have stopped the processes from running and consuming resources once the machines were compromised.
At best it would have stopped outbound communication long after compromise which isn't stopping the initial attack or the consumption of local resources.
Of course this is to be expected as like the retard he is he also believes that hosts does port filtering natively and can act like a firewall.
Then he posts a search that supposedly supports his claims that instead returns results of people telling idiots like him that hosts can't do that.
The truth is that retard Alexander Peter Kowalski does stuff like that all the time, like when he posts a link to a security expert who says black lists are shit without realizing that hosts is a blacklist.
I guess according to him making him look good means making him look like a retard, so this makes one wonder just how dumb is he if looking like a retard is better than normal?
FACT: See subject - hosts stop it (if host-domain name based - 99++% are) & that's that, period.
FACT: Hosts DO do port access filtering - e.g. 1.2.3.4:3128 .
FACT: Whitelists are easy to blow past (DLL injection goes right thru whitelists like a hot knife thru butter).
FACT: Hosts blacklisting works (& I've proven it vs. 100's of threats on /. alone)!
APK
P.S.=> * No "small wonder" you HIDE behind your UNIDENTIFIABLE anonymous posts - you know you're full of it & that I tear you apart every single time, you RETARDED trolll!... apk
FACT: See subject - hosts stop it (if host-domain name based - 99++% are) & that's that, period.
FACT: Hosts DO do port access filtering - e.g. 1.2.3.4:3128 .
FACT: Whitelists are easy to blow past (DLL injection goes right thru whitelists like a hot knife thru butter).
FACT: Hosts blacklisting works (& I've proven it vs. 100's of threats on /. alone)!
* You've done better than my APK Hosts File Engine 10++ SR-1 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ yourself? No (prove otherwise - you can't).
APK
P.S.=> * No "small wonder" you HIDE behind your UNIDENTIFIABLE anonymous posts - you know you're full of it & that I tear you apart every single time, you RETARDED trolll!... apk