HOTforSecurity
Graham CLULEY @gcluley
Industry News

Hackers hijack Tesla’s website, Twitter account and email – but how?

April 27, 2015

Tesla Motors is famous for its high-performance, gadget-filled electric cars – but that doesn’t necessarily mean that it’s a master of all technology.

This weekend, to the amusement of some on social media, Tesla’s website and Twitter account were hijacked by hackers.

Visitors to teslamotors.com found that in place of the normal sexy imagery of electric automobiles, hackers had added their own images and messages.


“Hacked by Autismsquad!

Tesla you have been raped by DEViN BHARATH and BLAiR STRATER
Check us out on Twitter”

Meanwhile, the company’s Twitter account (@TeslaMotors) had also suffered at the hands of hackers, who renamed it #RIPPRGANG and told the firm’s half a million followers that they should call a phone number if they wanted a free Tesla.

 


To add insult to injury, Tesla CEO Elon Musk’s personal Twitter account was also hijacked by the hackers, proving that being an internet billionaire isn’t necessarily a guarantee that you don’t suffer from first world problems.


Twitter user @rootworx, who was referenced in many of the tweets posted by the hackers, denied any connection with the breach, and said that the attackers had given out his home phone number as the one that users should call for the mythical free Tesla.


“Currently receiving about 5 phone calls a minute about a “free Tesla”. A free car is NOT being offered, please stop calling.”

The logical assumption is that @rootworx has really really upset someone, or at the very least they’re getting much amusement from pranking him when they hack accounts.

Tesla is far from the only high-profile organisation to have its website hijacked recently. A similar fate, for instance, recently befell Google in Vietnam and Lenovo, as Hot for Security reported a couple of months ago.

So, how are the hackers doing this?

Well, the first thing to realise is that – despite appearances – the websites of Tesla Motors, Google and Lenovo were not actually hacked. At no time did the hackers manage to gain unauthorised access to servers belonging to these companies.

Instead, the hackers were able to give the appearance that a web server breach had occurred by changing the site’s DNS records to point to another server, hosting the images and messages that they wanted visitors to teslamotors.com to see.

Quite how the hackers managed to gain control of Tesla’s DNS records is unclear, but it could have been a failure at the registrar the company chooses to look after its DNS entries.

But there’s more. We know that the hackers also managed to gain control of Tesla’s Twitter account, and that of its billionaire boss Elon Musk. How did they do that?

Well, it appears that as well as changing the DNS records for Tesla’s website, the hackers may have also altered the MX mail server records for teslamotors.com. That would mean that they could send any emails directed to someone@teslamotors.com to a mail server under their own control.

In short, the hackers could now read any emails sent to Tesla Motors.

Ouch.

With that in place, all that the criminals had to do was request a password reset for the Twitter accounts and wait for the confirmation email to be sent to the appropriate addresses at teslamotors.com.
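The defensive counterpart to this chain is to watch the records themselves. The following is an added example, not code from the original article: it parses dig-style answer lines and reports any A, AAAA, NS or MX record that differs from a known-good baseline. The function names, the severity labels, the A record addresses and the unexpected MX host are assumptions made for illustration; the baseline MX lines are the ones quoted in the reader comment on this page.

```python
# Added example (not from the article): flag DNS record drift against a baseline.
WATCHED = {"A", "AAAA", "NS", "MX"}

# Baseline: MX lines as quoted in the reader comment; the A record is constructed.
BASELINE = """
;; ANSWER SECTION:
teslamotors.com. 300 IN A 192.0.2.10
teslamotors.com. 300 IN MX 10 cluster4.us.messagelabs.com.
teslamotors.com. 300 IN MX 20 cluster4a.us.messagelabs.com.
"""

# Constructed observation: web and mail records both point somewhere new.
OBSERVED = """
;; ANSWER SECTION:
teslamotors.com. 300 IN A 203.0.113.66
teslamotors.com. 300 IN MX 10 mx.unexpected.example.
"""

def parse_answers(text):
    """Parse dig-style answer lines into {(name, type): set(rdata)}."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig comment lines
        parts = line.split()
        if len(parts) < 5 or parts[2].upper() != "IN":
            continue  # not in "name ttl IN type rdata" form
        name, rtype = parts[0].lower().rstrip("."), parts[3].upper()
        rdata = " ".join(parts[4:]).lower().rstrip(".")
        if rtype == "MX":
            rdata = rdata.split()[-1]  # ignore preference, compare mail host only
        if rtype in WATCHED:
            records.setdefault((name, rtype), set()).add(rdata)
    return records

def drift(baseline_text, observed_text):
    """Return alerts for watched records that differ from the baseline."""
    base, seen = parse_answers(baseline_text), parse_answers(observed_text)
    alerts = []
    for key in sorted(set(base) | set(seen)):
        added = seen.get(key, set()) - base.get(key, set())
        removed = base.get(key, set()) - seen.get(key, set())
        if added or removed:
            # Assumed policy: MX/NS drift is worst, since rerouted mail
            # exposes password-reset emails for every linked account.
            severity = "CRITICAL" if key[1] in ("MX", "NS") else "HIGH"
            alerts.append((severity, key[0], key[1], sorted(added), sorted(removed)))
    return alerts

if __name__ == "__main__":
    for alert in drift(BASELINE, OBSERVED):
        print(alert)
```

In practice the observed text would come from scheduled lookups against several independent resolvers, and an MX or NS alert would trigger a review of password-reset activity on accounts tied to the domain.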

Of course, if Tesla had login verification enabled on its Twitter accounts, chances are that the hackers would have found it tricky to tweet under the company’s name.

It’s worth remembering that any form of two-factor authentication is better than having no additional security layer at all.

We should also be grateful that whoever compromised the Tesla Twitter accounts and hijacked the firm’s website appears to have been more interested in childish pranks than in using the opportunity to spread money-making malware, phish for credentials or cause other harm to innocent consumers.


About the author


Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

1 Comment

  • Coyote says:
    April 28, 2015 at 2:14 am

    “Well, it appears that as well as changing the DNS records for Tesla’s website, the hackers may have also altered the MX mail server records for teslamotors.com.”

    Well, in that case, one – let’s say ‘Coyote’ – might argue that it should be appreciated that all they were doing is stupid pranks, and not more serious things. Because if they had (one hopes not ‘have’) access to the DNS zone (or maybe zones?), they could cause all sorts of problems, much more serious than they demonstrated.

    As for now:
    ;; ANSWER SECTION:
    teslamotors.com. 300 IN MX 10 cluster4.us.messagelabs.com.
    teslamotors.com. 300 IN MX 20 cluster4a.us.messagelabs.com.

    and messagelabs.com seems to be correct (Symantec owned, anyway)… which is – if they did indeed change the MX RRs – a good sign.
