Elon Musk Archives – Gridinsoft Blog Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe. Sat, 17 Feb 2024 20:53:23 +0000 en-US hourly 1 https://wordpress.org/?v=87703 200474804 TikTok Flooded By Elon Musk Cryptocurrency Giveaway Scams https://gridinsoft.com/blogs/tiktok-elon-musk-cryptocurrency-giveaway-scams/ https://gridinsoft.com/blogs/tiktok-elon-musk-cryptocurrency-giveaway-scams/#respond Tue, 19 Sep 2023 07:50:52 +0000 https://gridinsoft.com/blogs/?p=16982 Recently, TikTok has been inundated with a flood of cryptocurrency giveaway scam videos spread across the platform. Mostly, these scams are masquerading as topics related to Elon Musk, Tesla, or SpaceX. The potential for quick and easy cryptocurrency makes these a constant and disturbing threat. TikTok flooded by “Elon Musk cryptocurrency giveaway” scams. Today, the… Continue reading TikTok Flooded By Elon Musk Cryptocurrency Giveaway Scams

The post TikTok Flooded By Elon Musk Cryptocurrency Giveaway Scams appeared first on Gridinsoft Blog.

]]>
Recently, TikTok has been inundated with a flood of cryptocurrency giveaway scam videos spread across the platform. Mostly, these scams are masquerading as topics related to Elon Musk, Tesla, or SpaceX. The potential for quick and easy cryptocurrency makes these a constant and disturbing threat.

TikTok flooded by “Elon Musk cryptocurrency giveaway” scams.

Today, the creativity of scammers trying to take advantage of TikTok’s massive user base is quite obvious. TikTok is facing a severe problem with the proliferation of numerous fraudulent cryptocurrency giveaway scams on the platform. Scammers are going all out for their profits. They create hundreds of websites posing as crypto exchanges or free giveaway sites. According to them, the only thing a user has to do to get free cryptocurrency is to register on their site and enter the promo code from the video.

And, of course, the slight nuance that the video is silent about is to pay a small amount for account activation, which will allow the user to withdraw funds. However, the reality is grim: paying the user out is absent in such a scenario. These scams are elaborate traps that steal users’ funds, leaving them empty-handed. Besides, there’s always the chance of being double-crossed. Although this scheme is quite old, it is still very effective — as the saying goes, old but gold.

The Elon Musk impersonation

Attackers learned long ago that promoting mass fraud on behalf of famous personalities is much more effective. Regarding media personalities, the first person who is associated with cryptocurrency giveaway scams is Elon Musk. Moreover, his bizarre behavior and habit of talking nonsense in public and promoting questionable things adds credibility to any scam that mentions the name of Ilon Musk. So, the scammers publish a fake video in which Fox News or others interview Elon Musk and promote a phony cryptocurrency giveaway.

TikTok crypto scam video screenshot
TikTok crypto scam video

The strategy means impersonating Elon Musk and his subsidiaries, Tesla and SpaceX. They are designed to make people think they are participating in a genuine promotion. Thus, some videos contain instructions on how to log into the listed website and enter a promo code to get free bitcoins. Many websites have very similar names like Moonexio[.]com, altgetxio[.]com, and cratopex[.]com or, as in our case, bitoxies[.]com.

How cryptocurrency giveaway scams works?

It starts with a TikTok video the user can find using the hashtag #bitcoinforbeginners. We see many identical videos as if they were copied. The only thing that makes them different is the promo code, which differs for each. We open a random video, see a fragment from the interview mentioned above on the cover, and then follow instructions on registering on the site.

Screenshots with steps from registering on the site to receiving a bonus by promo code
Steps from registering on the site to receiving a bonus by promo code

We open the site, register, and enter the code – voila! We have bonuses on our account. We try to withdraw them and see an error that says that to operate, and you must complete the account setup and activate it. For that, the service asks to deposit an amount equivalent to 0.005 BTC.

Withdrawal error
The website asks to deposit 0.005 BTC for account activation and withdrawal options

Obviously, after replenishing the account, you still cannot withdraw funds. The essence of this scam is to lure victims out of their funds in this way. In addition, the site asks for KYC information, with the help of which attackers will try to hack into our other legitimate accounts. This in total pushes the risks much beyond money losses.

It is also important to note that the mentioned websites may change their names, but retain the overall message. There is an entire pandemic of such sites going on – with absolutely the same design and promises, but different names.

Crypto scam main page screenshots
“My name is Legion”

How to avoid crypto scams?

The first thing this fraudulent scheme is based on is the unawareness of users. The second is greed and the desire to make a profit for nothing. We can help with the first, but the second comes with experience. It is essential to learn that you must pay for everything in life, and no one will give you anything for free. Besides, it would help if you did not get your investing advice from TikTok. Elon Musk’s crypto giveaways are like his promises to improve Twitter: they’re fake. Cryptocurrency is not something you can invest in just out of interest. Before investing, you should study this field well and understand it completely. Otherwise, losses are inevitable. In addition, we recommend that you only use official platforms and apps. The following red flags will help you identify scams:

  • The ad promises free cryptocurrency for performing simple actions such as subscribing to an account, watching a video, or commenting on a post.
  • The ad contains errors or typos.
  • The ad looks informal or unprofessional.
  • The ad requires entering your personal or cryptocurrency wallet information.

If you see a post or comment that fits one or more of these traits, it’s best to ignore it.

TikTok Flooded By Elon Musk Cryptocurrency Giveaway Scams

The post TikTok Flooded By Elon Musk Cryptocurrency Giveaway Scams appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/tiktok-elon-musk-cryptocurrency-giveaway-scams/feed/ 0 16982
Vulnerability Found in Twitter Code That Provokes a “Shadowban” of the Victim https://gridinsoft.com/blogs/shadowban-on-twitter/ https://gridinsoft.com/blogs/shadowban-on-twitter/#respond Thu, 13 Apr 2023 18:13:25 +0000 https://gridinsoft.com/blogs/?p=14193 Recently, Twitter fulfilled a promise made by Elon Musk and published on GitHub the source code of its recommender algorithm, where a vulnerability was discovered that could send a user to a shadowban. Numerous researchers immediately took up the study of the source code, and now one of the problems they discovered was assigned the… Continue reading Vulnerability Found in Twitter Code That Provokes a “Shadowban” of the Victim

The post Vulnerability Found in Twitter Code That Provokes a “Shadowban” of the Victim appeared first on Gridinsoft Blog.

]]>

Recently, Twitter fulfilled a promise made by Elon Musk and published on GitHub the source code of its recommender algorithm, where a vulnerability was discovered that could send a user to a shadowban.

Numerous researchers immediately took up the study of the source code, and now one of the problems they discovered was assigned the CVE identifier. The vulnerability allows to achieve a “shadowban” of the victim, that is, someone else’s account will be hidden from others “without the right of recourse.”

Let me remind you that we also wrote that Elon Musk confirmed that the Russian offered a Tesla employee a million dollars for hacking the company, and also that CERT launched Twitter bot that comes up with names for vulnerabilities.

Also the media wrote that Hacker George “GeoHot” Hotz Will Be a Twitter Intern and Promises to Fix a Search.

The issue was discovered by Federico Andres Lois while investigating the recommendation engine that powers the For You section of Twitter. According to the study, the coordinated efforts of other users can lead to a “shadow ban” of any account that is unlikely to be overcome.

In order for the victim to receive large-scale reputation penalties, it is enough to unsubscribe from him, enable mute for this account, block it or report violations.

According to Lois, Twitter’s current recommendation algorithm “allows for coordinated, non-recourse damage to [any] account’s reputation.” This issue has already been assigned CVE-2023-23218.

It turns out that any accounts that have undergone mass blocking and unsubscribing will receive a “shadowban” and will not be displayed in the recommendations of other people, while the owner of the affected account will not even know about the restrictions imposed on him. At the same time, the researcher notes that it seems that it is simply impossible to fix such a ban.

Lois writes that apps like Block Party, which allow Twitter users to filter accounts in bulk, are essentially tools that (intentionally or not) have a similar effect on users.

Many Twitter users have already started talking about the fact that the error can be used by numerous armies of bots on the platform. When a Twitter user suggested that Musk solve the problem by only allowing mute, blocking, and reporting for “blue tick” Twitter users, Musk replied that he wanted to know “who is behind these botnets”.

Global penalties should not be applied because they can be fooled quite easily, all penalties (if any) should be applied at the content level.writes Lois.

However, that would require Twitter to have a team of moderators, and they appear to have been fired en masse, along with other staff, when Musk took over the company last November.

Another obvious solution to the problem would be to use the entropy of time for negative signals, but according to Lois, the design of Twitter’s recommender algorithm makes it easy to overcome this. For example, by repeatedly following/unsubscribing from specific accounts every 90 days.

Such tactics can be used indefinitely.the expert says.

The post Vulnerability Found in Twitter Code That Provokes a “Shadowban” of the Victim appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/shadowban-on-twitter/feed/ 0 14193
Researcher Hacks Starlink Terminal With $25 Homemade Board https://gridinsoft.com/blogs/researcher-hacked-starlink-terminal/ https://gridinsoft.com/blogs/researcher-hacked-starlink-terminal/#respond Wed, 17 Aug 2022 10:23:53 +0000 https://gridinsoft.com/blogs/?p=9971 Lennert Wouters, a researcher at the Catholic University of Leuven, who previously discovered a bug that allowed to hijack Tesla in a couple of minutes, said that he hacked the Starlink terminal using a $25 mod chip. At the Black Hat 2022 conference, Wouters announced that he intends to make this tool available for copying.… Continue reading Researcher Hacks Starlink Terminal With $25 Homemade Board

The post Researcher Hacks Starlink Terminal With $25 Homemade Board appeared first on Gridinsoft Blog.

]]>
Lennert Wouters, a researcher at the Catholic University of Leuven, who previously discovered a bug that allowed to hijack Tesla in a couple of minutes, said that he hacked the Starlink terminal using a $25 mod chip.

At the Black Hat 2022 conference, Wouters announced that he intends to make this tool available for copying.

Elon Musk has launched more than 3,000 Starlink satellites into orbit since 2018. This satellite network is designed to provide Internet connectivity in the most inaccessible places on Earth, where previously connection was unreliable, expensive or completely unavailable.

Thousands more satellites are planned to be put into orbit as it develops, and Starlink, like any other new technology, became an interest to hackers and researchers.

Now Lennert Wouters has spoken about one of the first hacks of the Starlink terminal, a satellite dish (dubbed the Dishy McFlatface) that is commonly placed on buildings. To gain access to the firmware of the dish, Wouters dismantled the terminal he bought and developed a special tool for hacking it himself.

This role was taken over by a custom board (mod-chip) that was assembled from ready-made parts, the total cost of which was approximately $ 25. Once connected to a Starlink dish, the board is used for a fault injection attack, temporarily shutting down the system to bypass Starlink’s defense mechanisms. This “glitch” eventually allowed Wouters to reach the previously blocked portions of the Starlink system.

To create the mod chip, Wouters scanned a Starlink dish and created a board to match the existing Starlink board. Its mod chip needs to be soldered to an existing Starlink board and connected with a few wires.

The mod chip itself consists of a Raspberry Pi microcontroller, flash memory, electronic switches, and a voltage regulator. When creating the board for the user terminal, Starlink engineers printed the inscription “Made on Earth by humans” on it. Wouters’ mod chip says “Glitched on Earth by humans”.

Researcher Hacked Starlink Terminal

Researcher Hacked Starlink Terminal

Moreover, the researcher decided to open-source his tool by publishing his work on GitHub, including some of the details needed to launch the attack.

Let’s say you are intruders and want to attack the satellite itself. You can try to create your own system that will allow communicating with the satellite, but this is quite difficult. Therefore, if you want to attack satellites, it is better to enter from the side of the user terminal, because this will probably make your life easier.the expert writes.

Wired explains that the Starlink system consists of three main parts. The first is the satellites themselves, which move in near-Earth orbit at an altitude of about 550 kilometers and transmit signals to the surface. The satellites communicate with two systems on Earth: gateways that send internet connections to the satellites, and Dishy McFlatface dishes that users can purchase. Wouters’ research centered around user terminals, which were originally round, but new models are rectangular.

Researcher Hacked Starlink Terminal

Enthusiasts have been studying Starlink user terminals for a long time: they were repeatedly disassembled, discussed on Reddit, but Wouters was the first to pay attention to the security of the terminal and its chips. He says that he went through several stages and tried many different approaches before he created his open source mod chip.

Waters has been testing the Starlink system since May 2021, achieving 268 Mbps download speeds and 49 Mbps download speeds from the roof of his university building. After that, he decided to disassemble the device. Using a combination of “an industrial hair dryer, tools, isopropyl alcohol and a lot of patience,” he was able to remove the lid from the plate and gain access to its internal components. In the end, this helped to understand how the device boots and downloads firmware.

In general, Waters’ attack works by bypassing the security and signature checks needed to make sure the system starts up correctly and the code hasn’t been tampered with.

We use this to accurately time the implementation of a failure.Wouters explains.

So, when a Starlink dish turns on, the loader goes through a number of different stages. Wouters’ attack causes a crash in the first bootloader, a ROM bootloader that is flashed into the SoC and cannot be updated. After that, it becomes possible to deploy custom firmware and gain control over the terminal.

Researcher Hacked Starlink Terminal

The researcher notified Starlink about the vulnerabilities he found last year, and the company paid him a reward under the bug bounty program. Starlink developers even offered Waters an access to the device’s software, but he refused, as he was already deep in work and wanted to finish developing the mod chip.

That being said, Wouters notes that while SpaceX released an update to make the attack more difficult (it changed its mod chip in response), the underlying problem cannot be fixed until the company creates a new version of the main chip. For this reason, all existing user terminals are still vulnerable, although it has become more difficult to carry out an attack.

Although the mod-chip specs are available on GitHub, Wouters says he doesn’t plan to sell off-the-shelf boards, nor will he distribute custom firmware for the user terminal or give exact details of the glitch he was exploiting.

It’s worth noting that after Waters’ Black Hat speech, Starlink engineers released a six-page PDF document explaining exactly how they secure their systems.

We find this attack technically impressive, and this is the first such attack that we have become aware of. We expect attackers with invasive physical access to be able to perform malicious actions on behalf of a single Starlink bundle using its ID, so we rely on the principle of “least privilege” to limit the impact on the system as a whole.the document says.

Starlink experts emphasize that such an attack requires physical access to the terminal, and as a result of a boot failure, only one specific device can be compromised, but not the entire Starlink network.

Regular Starlink users do not need to worry about being affected by this attack or take any retaliatory action.Starlink concludes.

The post Researcher Hacks Starlink Terminal With $25 Homemade Board appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/researcher-hacked-starlink-terminal/feed/ 0 9971
Beware: New SpaceX Bitcoin Giveaway Scam https://gridinsoft.com/blogs/spacex-bitcoin-scam/ https://gridinsoft.com/blogs/spacex-bitcoin-scam/#respond Thu, 09 Jun 2022 19:36:52 +0000 https://gridinsoft.com/blogs/?p=8419 Crooks Make Elon Musk a Bait for Wannabe Cryptotraders Scammers again use SpaceX as a bait in fraudulent schemes. The statements of Elon Musk, CEO of the company, have been watched for a long time, and as soon as he says something about cryptocurrency, this immediately gives rise to a lot of food for fraudulent… Continue reading Beware: New SpaceX Bitcoin Giveaway Scam

The post Beware: New SpaceX Bitcoin Giveaway Scam appeared first on Gridinsoft Blog.

]]>
Crooks Make Elon Musk a Bait for Wannabe Cryptotraders

Scammers again use SpaceX as a bait in fraudulent schemes. The statements of Elon Musk, CEO of the company, have been watched for a long time, and as soon as he says something about cryptocurrency, this immediately gives rise to a lot of food for fraudulent schemes. Some scammers make expensive fakes, while others make do with little. Before the story of DeepFake Elon telling how to invest in the BitVex cryptocurrency platform had died down, a low-end legend of the same type had already appeared.

This time we are talking about the fake site spacex-btc[.]org. This site pretends to be SpaceX’s dedicated platform for some kind of cryptocurrency giveaway that should help people make money by trading on cryptocurrency price fluctuations. This website may be redirected to by banner ads from apparently not the most reliable websites.

So, first of all, let’s say it: it’s a FAKE.

And don’t be fooled by the fact that this website has an SSL certificate. Do not look at HTTPS in the line, but the very name of the site: spacex-btc. Yes, and with TLD org. This site is a pure spoof because this cowboy office has no connection with the authentic SpaceX website or company.

The site has a decent design, but it’s still not stylish enough for a company like SpaceX. If you look for flaws, you can immediately notice grammatical errors in the fake quote of Musk himself and the terrible layout of the page.

There is a chat button in the corner of the window. Of course, everything connected to luring money is performed perfectly in such offices. You can probably talk to them, and they probably have a call center. But don’t let that fool you. It may seem that no one will find it profitable to create an entire call center to ensure the credibility of a single fake page. But we must remember that the companies behind such scams work with many schemes at once, giving rise to deception on an industrial scale.

These websites have only one purpose – to get money from you. In 99.99% of cases, Forex-like deals in cryptocurrency that these companies advertise are done through the mediator, so you don’t even see your purchased cryptocurrency. Then a psychological game starts: the trading can be random at best. However, in the worst cases, scammers totally control the process. They can make their victims feel lucky and lure more and more money out of them.

Don’t buy into famous faces in advertising campaigns. If you are told that Elon Musk is launching his cryptocurrency or something like that, first check in the news if this is true.

The post Beware: New SpaceX Bitcoin Giveaway Scam appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/spacex-bitcoin-scam/feed/ 0 8419
Teen gets remote access to 25 Tesla cars https://gridinsoft.com/blogs/teen-gets-remote-access-to-25-tesla-cars/ https://gridinsoft.com/blogs/teen-gets-remote-access-to-25-tesla-cars/#respond Thu, 13 Jan 2022 22:41:15 +0000 https://gridinsoft.com/blogs/?p=6913 19-year-old David Colombo said on Twitter that he gets remote access to 25 Tesla cars in 13 countries around the world. According to him, the problem was not with the automaker’s infrastructure, but with unnamed third-party software that some car owners use. Colombo says that he can remotely run commands on cars available to him… Continue reading Teen gets remote access to 25 Tesla cars

The post Teen gets remote access to 25 Tesla cars appeared first on Gridinsoft Blog.

]]>
19-year-old David Colombo said on Twitter that he gets remote access to 25 Tesla cars in 13 countries around the world.

According to him, the problem was not with the automaker’s infrastructure, but with unnamed third-party software that some car owners use.

This is not a vulnerability in the Tesla infrastructure. This is the fault of the owners. Therefore, I will need to contact them and report [the problem].the researcher writes.

Colombo says that he can remotely run commands on cars available to him (of course, without awareness of the owners), including disabling Sentry mode, opening and closing doors, windows, and launching Keyless Driving. In addition, the researcher can request the exact location of the car, see if the driver is present in the cabin, and so on.

Fortunately, hacker can’t interact with the Tesla’s steering wheel or brakes in this way, but even without this, he can come up with many dangerous attack scenarios.

I think it is very dangerous if someone can remotely turn up the music at full volume or open windows/doors while you are driving on the highway. Even continuous headlight flashing has the potential to have some (dangerous) effect on other drivers.says Colombo.

Bloomberg has received proof of his claims from the researcher, including screenshots and other documentation. So far, Colombo has not released any details of his attack, and also asked the media conceal the details until the vulnerability is fixed. According to him, MITER has already reserved a CVE ID for this bug, and Tesla security is already conducting the necessary checks.

Interestingly, the developers of a third-party app for Tesla, TezLab, reported that yesterday they discovered “simultaneous expiration of several thousand authentication tokens by Tesla”. This application uses the Tesla APIs that allow performing actions such as entering a car, enabling or disabling the anti-theft camera system, unlocking doors, opening windows, and so on.

Let me remind you that we talked about the fact that Hackers gained access to surveillance cameras in Tesla, Cloudflare and banks, and also that The researcher showed how to steal a Tesla Model X in a few minutes.

The post Teen gets remote access to 25 Tesla cars appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/teen-gets-remote-access-to-25-tesla-cars/feed/ 0 6913
Russian who tried to hack Tesla was pleaded guilty https://gridinsoft.com/blogs/russian-who-tried-to-hack-tesla-was-pleaded-guilty/ https://gridinsoft.com/blogs/russian-who-tried-to-hack-tesla-was-pleaded-guilty/#respond Fri, 19 Mar 2021 16:15:09 +0000 https://blog.gridinsoft.com/?p=5279 The Russian, who offered a Tesla specialist $1,000,000 for installing malware into the company’s network in Reno, Nevada, was pleaded guilty. In August 2020, we talked about the arrest of a Russian citizen Yegor Igorevich Kryuchkov, who came to the United States on a tourist visa. He was accused of collaborating with a group of… Continue reading Russian who tried to hack Tesla was pleaded guilty

The post Russian who tried to hack Tesla was pleaded guilty appeared first on Gridinsoft Blog.

]]>
The Russian, who offered a Tesla specialist $1,000,000 for installing malware into the company’s network in Reno, Nevada, was pleaded guilty.

In August 2020, we talked about the arrest of a Russian citizen Yegor Igorevich Kryuchkov, who came to the United States on a tourist visa.

He was accused of collaborating with a group of Russian cybercriminals and arrived in the United States on purpose, intending to recruit one of the Tesla employees working at the company’s factory in the city of Reno, Nevada. Allegedly, for this Kryuchkov received $250,000 from his accomplices.

According to court documents, Kryuchkov offered an employee $ 1,000,000 to install malware on the company’s network. It was assumed that the malware would allow hackers to connect to Tesla’s IT systems and steal data, which was then planned to be used to extort a multimillion-dollar ransom from the company.

Much appreciated. This was a serious attack.wrote Elon Musk on Twitter.

Finally, the plan failed, as the insider, whom they tried to recruit, reported about the plans of criminals to the FBI. Subsequent meetings between Kryuchkov and a Tesla employee were monitored and recorded, and then Kryuchkov was arrested as he tried to leave the country.

At first, the Russian did not plead guilty, claiming that he could prove the opposite in court. In this case, if the jury found him guilty, Kryuchkov would face up to five years in prison, up to three years under supervision and a fine of up to $250,000.

But, as it became known now, Kryuchkov still pleaded guilty and agreed to spend in prison from four to ten months, as well as remain under supervision for the next three years after his release.

The Russian pleaded guilty on one count – deliberate damage to a protected computer; it is planned that the verdict will be pronounced on May 10.the Ministry of Justice says.

Kryuchkov will not be fined, but Tesla will have to pay $14,824. Let me also remind you that I wrote about the IS researcher that found that the Tesla Model 3 interface is vulnerable to DoS attacks.

The post Russian who tried to hack Tesla was pleaded guilty appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/russian-who-tried-to-hack-tesla-was-pleaded-guilty/feed/ 0 5279
Fake cryptocurrency giveaways on behalf of Elon Musk brought scammers $580,000 https://gridinsoft.com/blogs/fake-cryptocurrency-giveaways-on-behalf-of-elon-musk-brought-scammers-580000/ https://gridinsoft.com/blogs/fake-cryptocurrency-giveaways-on-behalf-of-elon-musk-brought-scammers-580000/#respond Fri, 15 Jan 2021 16:26:10 +0000 https://blog.gridinsoft.com/?p=4990 The media have repeatedly written that scammers sometimes impersonate famous people. For example, last year, cybercriminals arranged fake giveaways of cryptocurrency on behalf of Elon Musk or SpaceX that had hard consequences for naive users. In particular, criminals are very fond of conducting fake distributions of cryptocurrencies on social networks on behalf of Mask, promising… Continue reading Fake cryptocurrency giveaways on behalf of Elon Musk brought scammers $580,000

The post Fake cryptocurrency giveaways on behalf of Elon Musk brought scammers $580,000 appeared first on Gridinsoft Blog.

]]>
The media have repeatedly written that scammers sometimes impersonate famous people. For example, last year, cybercriminals arranged fake giveaways of cryptocurrency on behalf of Elon Musk or SpaceX that had hard consequences for naive users.

In particular, criminals are very fond of conducting fake distributions of cryptocurrencies on social networks on behalf of Mask, promising users huge profits, if they first send them some bitcoins.

For example, in 2018, such Twitter action brought scammers over $180,000 in just one day.

Although years are passing, and many famous people have got check marks for account verification and even unambiguous postscripts in the spirit of “I don’t distribute cryptocurrency!”, Many users still believe in such fakes, and assume that Elon Musk, the Winklevoss brothers, Bill Gates and other famous personalities can indeed give out bitcoins to everyone.say Bleeping Computer journalists.

This statement is confirmed by their fresh material in Bleeping Computer, in which journalists report that such activity has become more frequent again, and the scammers have already managed to make good money.

The spike in fraudulent activity on Twitter was highlighted by a MalwareHunterTeam researcher. He said that more and more verified accounts are hacked, and then hackers use them to promote another fake distribution of cryptocurrency on behalf of Elon Musk.

Examples of such scams can be seen on the screenshots below.

cryptocurrency giveaways of Elon Musk

Typically, these tweets contain links that redirect victims to Medium, where the article advertises a fake bitcoin giveaway. The scheme is still simple: users are asked to send a certain amount of cryptocurrency, promising to return the already doubled amount back.

MalwareHunterTeam and BleepingComputer report that most of the accounts compromised during this scam have been inactive for a long time.

Investigators also remind that last year, after a large-scale attack, Twitter abandoned the versioning of accounts, and now such accounts are in even greater demand among cybercriminals, and a real hunt for inactive accounts is under way.

According to BleepingComputer and MetaMask, the scammers receive more than $580,000 in Bitcoin per week. At the same time, the fraud with the distribution of Etherium did not bring such success, and the criminals “earned” only $2,700 on it.

Let me remind you that Elon Musk confirmed that the Russian offered a Tesla employee a million dollars for hacking the company.

The post Fake cryptocurrency giveaways on behalf of Elon Musk brought scammers $580,000 appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/fake-cryptocurrency-giveaways-on-behalf-of-elon-musk-brought-scammers-580000/feed/ 0 4990
Elon Musk confirmed that the Russian offered a Tesla employee a million dollars for hacking the company https://gridinsoft.com/blogs/elon-musk-confirmed-that-the-russian-offered-a-tesla-employee-a-million-dollars-for-hacking-the-company/ https://gridinsoft.com/blogs/elon-musk-confirmed-that-the-russian-offered-a-tesla-employee-a-million-dollars-for-hacking-the-company/#respond Fri, 28 Aug 2020 16:38:30 +0000 https://blog.gridinsoft.com/?p=4224 Earlier this week, the US Department of Justice announced the arrest of 27-year-old Russian named Kryuchkov Yegor Igorevich, who came to the United States on a tourist visa. According to court documents, he was accused of attempting to bribe an employee of a company based in Nevada: Kryuchkov offered a million dollars to install malware… Continue reading Elon Musk confirmed that the Russian offered a Tesla employee a million dollars for hacking the company

The post Elon Musk confirmed that the Russian offered a Tesla employee a million dollars for hacking the company appeared first on Gridinsoft Blog.

]]>
Earlier this week, the US Department of Justice announced the arrest of 27-year-old Russian named Kryuchkov Yegor Igorevich, who came to the United States on a tourist visa. According to court documents, he was accused of attempting to bribe an employee of a company based in Nevada: Kryuchkov offered a million dollars to install malware on the Tesla network to hacking and stealing company’s data.

Although the indictment did not disclose the name of this victim company, several news outlets reported at once that the attack targeted precisely at Tesla, which owns a plant located in the city of Sparks, Nevada.

Tesla representatives did not comment on these rumors in any way, but last night the head of the company, Elon Musk, officially confirmed on Twitter that Tesla was the target of the attackers.

“Much appreciated. This was a serious attack”, — wrote Elon Musk on Twitter.

Million dollars for hacking Tesla

Law enforcement officials say that Kryuchkov is a member of a large criminal group that planned to use malware to gain access to the victim’s company network, steal confidential documents, and finally for demanding a ransom. At the same time, Kryuchkov promised a Tesla employee that other members of his “team” would launch a DDoS attack in order to distract the attention of the security service and hide the fact of data theft.

However, all the plans of the hackers collapsed, as the insider whom they tried to recruit reported about what was happening to the FBI. As a result, the FBI agents kept Kryuchkov under surveillance for almost the entire time of his stay in the United States, and then arrested him, collecting all the evidence necessary for prosecution.

ZDNet journalists compiled a chronology of what happened, fearing information from court papers. In the meantime, there is no need to know about it:

  • July 16: Kryuchkov contacts a Tesla employee (identified in the documents as CHS1) via WhatsApp and talks about his plans to visit the United States. The fact is that this person knew Kryuchkov before – they met back in 2016.
  • July 28: Kryuchkov flies from Russia to New York, travels to San Francisco and then to Reno, Nevada.
  • August 1: Kryuchkov contacts CHS1 by phone.
  • August 2 and 3: Kryuchkov, CHS1 and his friends go to Lake Tahoe, and Kryuchkov pays all expenses, and also tries not to get into the video surveillance.
  • August 3: On the last day of the trip, in the bar, late in the evening, Kryuchkov informs CHS1 that he is working in a certain group that deals with “special projects.” Allegedly, this group pays employees of various companies to install malware on the networks of their employers. Then Kryuchkov describes the entire scheme in detail and says that he can provide CHS1 with malware on a USB flash drive or send it by email.

    First, Kryuchkov told the employee that he would be paid $ 500,000 to install the malware, while Kryuchkov’s “colleagues” would arrange a DDoS attack to disguise the fact of data theft. As a result, CHS1 reports Kryuchkov to the FBI, and all their subsequent meetings are already under observation.
  • August 7: Kryuchkov has another meeting with CHS1. During this meeting, he again tries to convince CHS1 to take part in the criminal scheme, but this time he assures that his “team” has been running such “special projects” for many years, and insiders who have collaborated with them have been caught, still working in the same companies. Kryuchkov also suggests creating the impression that the infection comes from another employee at all (in case CHS1 wants to teach someone a lesson). During this meeting, CHS1 asks for $ 1,000,000 and also asks for an advance of $ 50,000.
  • million dollars for hacking Tesla
    Yegor Kryuchkov
    August 17: At another meeting, Kryuchkov discloses details of the group he works for. Specifically, he reveals that they make payments using escrow on Exploit (the name of a well-known hacker forum). Kryuchkov also says that he has already recruited at least two other insiders in the same way, and one of the companies hacked in the past has already paid the hackers a ransom of $ 4,000,000.

    In addition, Kryuchkov and CHS1 contact other members of the criminal group via WhatsApp and discuss payment and escrow details. Kryuchkov assures that one of the group members is an employee of a state Russian bank, and the group has already paid about $ 250,000 for the malware that was written specifically for the company where CHS1 works. Kryuchkov left the CHS1 phone number to be contacted in the future.
  • August 18: During the next meeting, Kryuchkov informs CHS1 that his “team” refused to pay the advance, because hackers had never done that before. However, they are allegedly ready to pay CHS1 million after cooperation. Kryuchkov said his own stake was reduced to $ 250,000 due to CHS1 requirements. He also said that he would need to provide “colleagues” with more detailed information about the employer’s network of CHS1, so that they can configure the malware.
  • August 19: Kryuchkov met with CHS1 again and said that the group is still ready to make an advance payment of 1 bitcoin.
  • August 21: Kryuchkov once again met with CHS1 and unexpectedly announced that this “special project” had been postponed due to another “special project” already launched, which should have brought the group a lot of money and so far requires concentration of all efforts. Kryuchkov said that he was leaving the United States and left instructions to the insider, in which he told in detail how the members of the criminal group would contact him in the future.

    After this meeting, the FBI agent contacted Kryuchkov by phone, and he tried to leave the country, but was eventually arrested in Los Angeles the next day.

Currently, Yegor Kryuchkov is in custody and the relevant charges have already been brought against him. If the court finds him guilty, he faces up to five years in prison.

Let me also remind you that I wrote about the IS researcher found that the Tesla Model 3 interface is vulnerable to DoS attacks.

The post Elon Musk confirmed that the Russian offered a Tesla employee a million dollars for hacking the company appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/elon-musk-confirmed-that-the-russian-offered-a-tesla-employee-a-million-dollars-for-hacking-the-company/feed/ 0 4224