Tesla Employee Steals, Sabotages Company Data

The electric carmaker is the victim of an extensive and damaging insider attack, says CEO Elon Musk.

A Tesla employee used his trusted access to the companys network to steal a large amount of highly sensitive data and ship it to unknown third parties.
The incident is the latest reminder — as if any were needed — of the havoc malicious insiders can cause to organizations that dont have the right controls or processes in place for mitigating such risks.
Tesla CEO Elon Musk notified employees Sunday about an employee who had conducted extensive and damaging sabotage to the electric carmakers operations. In an email, Musk described the employee as making changes to Teslas manufacturing operating system using false usernames and then exporting a large volume of highly sensitive Tesla data to third parties.
As with many such incidents, the employee was apparently disgruntled over his job situation, failing to get a promotion that he thought he deserved. The full extent of his actions are not yet clear, Musk wrote. But what he has admitted so far is pretty bad.
The email went on to note Musks suspicions about there being more to the incident than might be first apparent. Many organizations want Tesla to fail, including short-sellers on Wall Street, oil and gas companies, and big car manufacturers worried abou Tesla advancing the progress of electric cars, Musk noted. If theyre willing to cheat so much about emissions, maybe theyre willing to cheat in other ways? he said.
Tesla is working on finding out whether the employee acted alone or was in cahoots with outside organizations, Musk said.
The Tesla incident is similar to countless other big security incidents involving malicious insiders in recent years. Edward Snowdens 2012 theft and subsequent leaks of classified documents from the National Security Agency (NSA) remains one of the most high-profile examples of insider abuse.
But there are numerous other examples as well. Just this week, former CIA software engineer
Joshua Schulte
was charged with stealing and leaking more than 8,700 confidential CIA documents. Schulte, who worked in the CIAs National Clandestine Service, abused his user privileges and access to CIA systems to pilfer the data, lock out other users, and delete evidence of his activity.
Going back, in 2016, the FBI arrested former NSA contractor
Harold Martin
for stealing some 50TB of data — including classified documents — over a staggering 20-year period. In 2015, an in-house banker at Morgan Stanley abused his trusted access to steal records on about 10% of the firms 3.5 million customers.
Others have used their insider status to lock people out of networks, destroy data, and commit trade secret theft on a huge scale. But no matter the action, the threat from such users is broader than many organizations might assume.
According to a recent insider risk survey conducted by Dtex Systems, 60% of organizations had malicious insiders who were actively using anonymous and private browsing to bypass enterprise controls and policies, says CEO Christy Wyatt. Seventy-two percent had malicious insiders who were actively using unauthorized applications like OpenVPN and Wireshark to evade security controls.
Dtex researchers also detected several instances of users escalating or granting administrative privileges to their accounts, granting those privileges to co-workers, and engaging in similar credential misuse activity, Wyatt says.
The Telsa case points to two frightening scenarios involving malicious insiders: exfiltration of valuable IP and the alteration of critical information, says Ken Spinner, vice president of global engineering at Varonis.
In a recent report, we found that 41% of companies had at least 1,000 sensitive files open to all employees, Spinner says. Companies are doing and creating, but theyre not locking down their data.
Malicious insider actions can be triggered by any number of reasons. But often the reasons are feelings of disgruntlement, retaliation for a perceived wrong, desire for monetary gain, or to gain competitive advantage for oneself or on behalf of someone else.
Many organizations are acutely aware of the threat. In a survey that Haystax Technology conducted last year, 61% of the respondents expressed concern about data breaches resulting from malicious insider actions. Yet responses to the issue have been varied and often held back by concerns over the proprietary nature of implementing rigorous employee threat monitoring and controls.
Cultural and political issues can make it harder to implement effective internal security controls, says Michael Daly, CTO of cybersecurity at Raytheon. So organizations need to convey the true value of monitoring.
First, insider threat monitoring protects the employees. It safeguards their personal data and prevents damage to the projects that they are working — their own jobs, their intellectual endeavors, he says. Second, an insider isnt just an employee. An insider is an external threat actor who has made it onto the internal network, using the employees accounts, pretending to be the employee.
Contrary to what some might believe, dealing with insider threats is not primarily a technology issue but an acknowledgment of risk issue, adds Raj Ananthanpillai, chairman and CEO of Endera.
Companies that understand the true risks to their businesses and to their brands have the willingness to implement effective workforce evaluation processes, he says. Businesses that are not willing to acknowledge that they could have insiders capable of creating great risks are doomed to discover this the hard way, Endera adds.
Related Content:
Former CIA Engineer Charged with Theft and Transmission of Classified Info
NSA Contractor Over 20 Years Stole More Than 50 Terabytes Of Govt Data
Insider Threat Fear Greater Than Ever, Survey Shows
Insider Threats: Red Flags and Best Practices

Top industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Click for
more information

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Tesla Employee Steals, Sabotages Company Data