Tesla has been struck by an insider attack; the very category of attack that cyber security experts have been stressing industries to establish formidable mitigations against.

#Tesla deals with #insiderthreat attack as gigabytes of data is stolen. Click To Tweet

The insider attack has been realized and confirmed by Tesla CEO Elon Musk. On June 17th, Elon Musk sent out an email to Tesla employees informing them of serious damages caused by an insider sabotage. Since the email was distributed, Tesla has identified the former employee, Martin Tripp, as responsible for hacking, stealing and leaking false data.

What data has been leaked?

Tesla has identified the data exposed by the insider, a former employee known as Martin Tripp. The lawsuit filed by Tesla states that the former employee hacked into the manufacturing operating system (MOS) via hacking software. “Several gigabytes” of data has been transferred to unknown third party recipients by the hacker. Some of the data stolen and distributed includes a video and at a least a dozen photographs of the manufacturing system.

Further, the insider made false allegations surrounding the use of punctured battery cells in Tesla vehicles. The value of scrap materials generated during manufacturing and false claims regarding new manufacturing equipment being brought online, were also reports made by the insider.

According to Newsweek:

“Tripp claimed that punctured battery cells had been used in certain Model 3 vehicles even though no punctured cells were ever used in vehicles, batteries or otherwise,” the legal filing stated. Tesla has requested court-backed access to Tripp’s computers, USB drives, cloud accounts and message histories to find “the extent to which Tesla trade secrets were wrongfully taken or sent to others.”

Who is Martin Tripp?

Martin Tripp has been identified and confirmed to be the Tesla former employee responsible for hacking and leaking sensitive company data. Tesla is suing Tripp on the grounds of hacking and stealing this data. Based on the investigations into Tripp’s actions it appears he planned and executed a detailed attack on Tesla.

The hacking software used by Tripp was operating off of 3 seperate computers. It was formatted to continue to export sensitive data off to unknown third parties even after Tripp left Tesla. By placing the hacking software on other computers, it would indicate that the computer users were responsible for exfiltrating data; wrongly indicating other Tesla employees.

Martin Tripp was a Tesla process technician employee at a lithium battery Gigafactory (since October 2017). Musk stated that,

“His stated motivation is that he wanted a promotion that he did not receive. In light of these actions, not promoting him was definitely the right move.”

Tripp has voiced that he is not a theft, rather he is a whistleblower.

“I am being singled out for being a whistleblower. I didn’t hack into a system. The data I was collecting was so severe, I had to go to the media,” said Martin Tripp, the defendant in Tesla’s suit, told CNNMoney soon after the suit was filed.”

According to CNNMoney, Tripp has stated his actions were fueled by his concern for investors and the public. He felt that they needed to be warned about issues inside Tesla. Additionally, he said he was concerned about the excess of scrap material stored in a dangerous manner that will be expensive to dispose of in the future.

Tesla is rebutting his claims per the lawsuit filed against Martin Tripp.

Heed this warning

Tesla’s future is unknown; the lawsuit has just been filed and the legal proceedings have not yet begun. Will Martin Twipp be proven to be a malicious insider? Time will tell. But what we can take away from this insider attack is that if you do not currently employ insider threat detection tactics and prevention, you’re simply awaiting an attack. Take this insider caused data leak as a warning. Assess your data and data flow, your users (especially privileged users) and seek out an insider threat detection technology now.