In general, hacking is a precise and honed skill that requires a deep understanding of computer networks and code. But sometimes no code is required at all, and hackers can get the job done with only a computer, a phone, and their own relentlessness. The recent Tesla hack is a great example of this.
Last weekend both the website and Twitter accounts for Tesla Motors were hijacked by a group of hackers. The Tesla homepage displayed poorly Photoshopped images along with a message that the company had been hacked by an online group called “Autismsquad.” Another hacker coalition named “RIPPRGANG” took responsibility for the Twitter takeover, however, so it’s still unclear whether the two groups are different or affiliated with each other.
Either way, how these rogue groups of online rabble-rousers gained access to Tesla accounts was surprisingly simple. Even more frightening, it could be performed by almost anyone.
SecurityWeek, which spoke with a Tesla spokesperson, explained that the two accounts were hijacked via a simple tactic dubbed “social engineering.” It went something like this:
- A hacker called AT&T customer support and posed as an employee of Tesla. This person then demanded all phone calls to the company be forwarded to a new fake phone number.
- Next, this malicious hacker got in touch with Tesla’s domain registrar Network Solutions. Since all the phone calls were being forwarded to the hacker, this person was able to easily add a new email address to Tesla’s domain administrator account.
- With this new email on the account, the hacker then reset passwords for the website and wreaked hours of havoc.
The Tesla spokesperson emphasised to SecurityWeek that no data was breached. “Our corporate network, cars and customer database remained secure throughout the incident,” Tesla said.
One day after the hack, both Tesla’s website and Twitter account are back to normal, but the incident is a good lesson that seemingly sophisticated hacks are sometimes carried out using the simplest of techniques.