At 1:52 p.m. Pacific time this Saturday, a tweet appeared on the @TeslaMotors Twitter account which claimed that it was now under the control of a group of hackers known as the Lizard Squad. The name Autismsquad was also spotted in some of the crude collages which appeared on the Tesla website.
Lizard Squad claims responsibility for another hack
Lizard Squad also claimed responsibility for a number of hacks on both Microsoft and Sony gaming networks over the course of last year. This time around the hackers changed the Tesla account name to #RIPPRGANG, defaced the company website and posted a number of tweets.
The hackers took control after they hacked Tesla’s DNS and changed records relevant to its mail system. They then reset Twitter passwords by sending emails enabling password changes to email accounts under their control. It is currently unclear how they managed to change the DNS records.
During the attack, several tweets were posted on the Tesla account offering free cars to anyone who called a specific phone number, later found to belong to a computer repair shop in Illinois. There were also references to a Twitter user known as @rootworx, who later denied any connection to the hack, and said that he was a victim of their prank. At one point @rootworx posted that he was receiving “about five phone calls a minute” concerning the offer of a free car.
Free Teslas were also offered to those who followed certain accounts, and the company website was also edited to show that it had been compromised by the same group of hackers. At the same time, Tesla CEO Elon Musk’s account was hacked and similar messages posted to his followers, although normal service was resumed just under an hour later and all of the offending tweets were removed.
Tesla responds to hack
Tesla later released a press release which stated: “Our corporate network, cars and customer database remained secure throughout the incident. We have restored everything back to normal. We are working with AT&T, Network Solutions, and federal authorities to further investigate and take all necessary actions to make sure this never happens again.”
Lizard Squad famously took down the Xbox Live network last Christmas, ruining gifts for thousands of gamers. The attack was part of a promotional campaign for a cybercrime service offering a Distributed Denial of Service attack for hire. The attack on the Tesla website is rather less serious, seeing as it is hosted by a third-party, and does not mean that any sensitive information was compromised as it might have been if a corporate network was the victim of an attack.
Possibility of serious information breach
However if internet users are redirected to a website controlled by hackers, this can easily lead to the spread of malware. In the case of the Tesla hack, there is no evidence that this was the case, and it seems that the hackers were looking for attention rather than trying to steal and use sensitive information.
It must be said that losing control of email accounts presents an altogether more serious problem, because it could lead to the leak of confidential information. Hackers could use the information to embarrass the company, or attempt to extract money for its safe return, as well as potentially passing it on to industry rivals both in the U.S. or abroad. Chinese hackers are well-known for carrying out industrial espionage.
A trend for attacking the Twitter accounts of celebrities and brands has developed in recent months. Singer Taylor Swift was the victim of a similar attack just a few weeks ago, with hackers again looking for publicity rather than looking for any immediate financial gain.
By hacking highly visible public figures and popular brands, which often have thousands of followers on Twitter, hackers can take their message to a large audience in a matter of seconds. The fact that hackers were able to get into the Tesla Twitter account by posing as a company employee during a phone call to AT&T will presumably make the automaker draw up a new set of protocols for the protection of data linked to the company website, therefore improving the security of its Twitter account.
Lizard Squad and other hackers of the same ilk like to draw attention to themselves using these kind of stunts, but the danger is that one day they could use their skills to more sinister ends. Companies should be wary of protecting their Twitter and email accounts from hackers, who could uncover sensitive information.