Data Loss Prevention (DLP) , Governance & Risk Management , Insider Threat

Tesla Accuses Insider of Stealing Gigabytes of Data

Former Employee Accused of Hacking Software as Tesla Warns of 'Sabotage'
Tesla Accuses Insider of Stealing Gigabytes of Data
Inside Tesla's factory in Fremont, California

Tesla has filed a lawsuit against a former employee, alleging that he "unlawfully hacked the company's confidential and trade secret information and transferred that information to third parties."

See Also: Incident Response Guide: 10 steps to a Successful and Effective Incident Response Plan

Tesla, which builds electric vehicles, energy storage devices and solar panels, is based in Palo Alto, California.

Tesla's complaint against Martin Tripp.

The company's lawsuit names Martin Tripp, a former process technician at the company's Gigafactory in Nevada, who was hired in October 2017. Tesla's Gigafactory is a massive factory under construction in Sparks - outside Reno, Nevada - designed to produce lithium-ion battery packs.

The lawsuit accuses Tripp of violating federal and state trade secrets laws as well as Nevada computer crime laws. The company is seeking $1 million in damages.

But Tripp tells BBC News that he was seeking to highlight dangerous practices at the company, and that he's a whistleblower whose reputation is being smeared as a result.

According to the lawsuit, Tripp has admitted to some of the allegations against him, including hacking the company's systems and exfiltrating data to unnamed third parties.

"Tesla has only begun to understand the full scope of Tripp's illegal activity, but he has thus far admitted to writing software that hacked Tesla's manufacturing operating system ('MOS') and to transferring several gigabytes of Tesla data to outside entities. This includes dozens of confidential photographs and a video of Tesla's manufacturing systems," according to the lawsuit.

But Tesla has also accused Tripp of modifying software so as to automatically exfiltrate data as well as laying false flags to make it look like other, innocent employees were responsible for the theft.

"Beyond the misconduct to which Tripp admitted, he also wrote computer code to periodically export Tesla's data off its network and into the hands of third parties," according to the complaint. "His hacking software was operating on three separate computer systems of other individuals at Tesla so that the data would be exported even after he left the company and so that those individuals would be falsely implicated as guilty parties."

The lawsuit says Tripp was privy to private information. "As part of his job, Tripp had access to highly sensitive information relating to, among other things, certain facets of the manufacturing process for the company's battery modules."

Based on the claims, the lawsuit urges the court to help Tesla protect its trade secrets, "including by ordering the inspection of Tripp's computers, personal USB and electronic storage devices, email accounts, 'cloud'-based storage accounts, and mobile phone call and message history to determine the extent to which Tesla trade secrets were wrongfully taken and/or disseminated to others."

Tesla: Warning Signs Led to Transfer

Although Tripp was hired as a process technician, he was transferred to a new, unspecified job role on May 17, following poor performance reviews. "Within a few months of Tripp joining Tesla, his managers identified Tripp as having problems with job performance and at times being disruptive and combative with his colleagues," the lawsuit states.

Tesla says that during interviews with Tesla investigators on June 14 and 15, Tripp admitted to hacking systems and exfiltrating data. "During the interview, Tripp also admitted that he attempted to recruit additional sources inside the Gigafactory to share confidential Tesla data outside the company."

Tesla didn't immediately response to a request for comment about whether Tripp was fired or voluntarily quit.

Tesla's Gigafactory in Sparks, Nevada (Source: Planet Labs)

'Please Be Extremely Vigilant'

Elon Musk, the founder and CEO of Tesla, on Sunday told employees in an email, obtained by CNBC, that he learned over the weekend that there had been a saboteur inside Tesla.

"I was dismayed to learn this weekend about a Tesla employee who had conducted quite extensive and damaging sabotage to our operations. This included making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties," Musk wrote.

The employee allegedly said his actions were in reaction to his not having received a desired promotion.

"The full extent of his actions are not yet clear, but what he has admitted to so far is pretty bad. His stated motivation is that he wanted a promotion that he did not receive. In light of these actions, not promoting him was definitely the right move," Musk said.

The CEO also suggested that the case might also be much more complex. "However, there may be considerably more to this situation than meets the eye, so the investigation will continue in depth this week. We need to figure out if he was acting alone or with others at Tesla and if he was working with any outside organizations."

'There is More'

Musk called on employees to "please be extremely vigilant" and to email the company - anonymously or otherwise - if they saw signs of anything suspicious.

Asked Wednesday via Twitter by Ars Technica reporter Cyrus Favriar if his email had been referring to the lawsuit against Tripp, Musk responded: "There is more, but the actions of a few bad apples will not stop Tesla from reaching its goals. With 40,000 people, the worst 1 in 1000 will have issues. That's still ~40 people."

Information Security Media Group could not independently confirm any of the claims made in the email or lawsuit.

Later on Wednesday, things took a bizarre turn when Tesla reported that it had received a warning from a "friend of Mr. Tripp" that he planned to go to the Gigafactory and "shoot the place up," BBC News reports.

After investigating the allegation, however, local police later reported that they had found no "credible threat."

Sabotage or Whistleblowing?

But is Tripp a saboteur or a whistleblower?

Tripp tells BBC News he shared information with Business Insider, highlighting what he said were inefficiencies in the company's manufacturing processes, leading to a huge amount of waste material, or scrap. He also alleged that Tesla had taken punctured batteries put them back onto the company's manufacturing line.

Tesla has dismissed the latter assertion and maintains that the company's scrap rates are within acceptable parameters.

Tripp and Musk have also been communicating in a tense email exchange.

"You have what's coming to you for the lies you have told to the public and investors," Tripp said in the emails, seen by BBC News, that began their exchange.

"Threatening me only makes it worse for you," Musk later replied to Tripo via email. "Betraying your word of honor, breaking the deal you had when Tesla gave you a job and framing your colleagues are wrong and some come with legal penalties," he added. "So it goes. Be well."

'Small Fire' at Plant

On Monday, meanwhile, Musk sent another email to employees about a "small fire" on Sunday at the company's Fremont, California, in its "body production line," saying it wasn't clear if it was random.

Tesla said in a statement issued later that day: "Last night, there was smoldering in an air filter in the welding area of the body line. The smoldering was extinguished in a matter of seconds. There were no injuries or significant equipment damage, and production is back online."

In his email, obtained by CNBC, Musk again asked employees to "please be on the alert for anything that's not in the best interests of our company."

The Tesla CEO, drawing on former Intel CEO Andy Grove's famous maxim, told employees: "Only the paranoid survive."

This article has been updated with information from the Business Insider and BBC News reports.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.