BREAKING: This is a breaking news story, so keep refreshing for more news as we have it.
As the automaker responsible for making what must be the smartest, most interconnected production car on the market today, Tesla Motors takes security very seriously.
So much so that when competitors at the SyScan 360 white hat security conference managed to circumvent Tesla’s security protocols for its always-on remote telematics system, Tesla went on the offensive, carrying out a massive security recruitment drive at this year’s Def Con security conference.
But while Tesla Motors [NASDAQ:TSLA] might be able to keep its own cars safe, it appears that it has fallen prey to one of the most loathed menaces online today: hackers.
About an hour ago, Tesla appears to have fallen prey to a successful hacking attempt on its Twitter account, and for the past 45 minutes or so, we’ve seen some rather weird and…*ahem* un-Tesla posts.
What’s more, Tesla’s website appears to be down too, in what some experts online are calling a DNS redirect hack.
Twitter first. Here’s the last post that appears to have been made by Tesla staff around three hours ago:
— #RIPPRGANG (@TeslaMotors) April 25, 2015
What then follows at 9:52pm GMT is an announcement that the account has been compromised.
In short succession, there’s a whole stream of tweets, none of which originate from Tesla itself and which we’ll choose not to repeat here.
One offers free Teslas for anyone following the hackers, while another posts what appears to be a bona-fide phone number for fans to call if they want a ‘free’ car.
Here’s a screengrab, with some of the offensive stuff removed.
Within the last five minutes, Tesla’s Twitter stream has been purged of all of the offensive and hacked tweets, and the Californian automaker now appears to be back in control of its social media presence.
Its site, however, is still down for many.
We’re still not sure exactly what’s going on — Tesla unsurprisingly is a little busy right now to answer emails from the press — but we can tell you that folks far more experienced in the matters of online servers say that it appears that Tesla’s website has been the victim of a DNS redirect attack.
Every computer online has something called an IP address — it’s essentially a unique quartet of numbers of up to three digits each, punctuated by periods, that provides a way for one computer online to find another.
As humans, we don’t remember number sequences all that well, so computers use something called DNS — or Domain Name System — to help convert human-friendly text addresses (like www.teslamotors.com) into a series of numbers that the computer can understand. Every time you type a website address into your computer’s browser window, it heads to a DNS server (usually located at your internet service provider or search engine) where the text is translated into the IP address of up to 12 digits that the computer needs to head to.
For really large, popular sites, the actual server your computer is sent to will be different depending on where you live, since some sites use not just one but multiple different servers in multiple different locations around the world to keep traffic flowing smoothly.
To decide which IP address your computer goes to for a given website, hosting companies use something called load balancers.
In this instance, it appears that the hack originated with someone hacking into a load balancer used by Tesla to redirect traffic to its website, and modifying the main DNS records to point somewhere else.
Instead of sending your computer to Tesla’s real site, the hackers told the load balancing system to look elsewhere instead. Namely, the supposed hacked site. Tesla’s original website is still there… you just can’t get to it.
That technique was also used to redirect Tesla’s emails elsewhere by modifying something called an MX record. MX records are DNS records that are used to direct emails to the correct recipient.
As the Twitter universe explains:
— GOD אֵל الله أكبر (@alg0d) April 25, 2015
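A site owner can catch this kind of A and MX record change by polling DNS answers and comparing them with a pinned baseline. The check below is an added example, not part of the original article; the hostnames, addresses (documentation ranges) and record data are all constructed, and the A baseline is pinned as networks rather than single addresses because load-balanced sites answer differently by location.

```python
import ipaddress

# Constructed baseline (assumed values): networks the site's load balancers
# may answer from, and the mail exchangers the domain owner actually runs.
BASELINE = {
    ("www.example.com", "A"): ["192.0.2.0/24", "198.51.100.0/24"],
    ("example.com", "MX"): ["mail1.example.com", "mail2.example.com"],
}

# Constructed answers, shaped like (name, type, rdata) from a resolver poll.
OBSERVED = [
    ("www.example.com.", "A", "192.0.2.10"),
    ("www.example.com.", "A", "203.0.113.77"),
    ("example.com.", "MX", "10 mail1.example.com."),
    ("example.com.", "MX", "5 mx.unknown-host.example."),
]

def norm(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def a_ok(rdata, networks):
    try:
        ip = ipaddress.ip_address(rdata)
    except ValueError:
        return False  # a malformed address never matches the baseline
    return any(ip in ipaddress.ip_network(n) for n in networks)

def mx_ok(rdata, hosts):
    parts = rdata.split()  # MX rdata is "<preference> <exchange>"
    if len(parts) != 2 or not parts[0].isdigit():
        return False
    return norm(parts[1]) in {norm(h) for h in hosts}

def find_drift(baseline, observed):
    """Return the observed records that fall outside the pinned baseline."""
    checks = {"A": a_ok, "MX": mx_ok}
    drift = []
    for name, rtype, rdata in observed:
        expected = baseline.get((norm(name), rtype))
        if expected is None or rtype not in checks:
            drift.append((norm(name), rtype, rdata, "no baseline"))
        elif not checks[rtype](rdata, expected):
            drift.append((norm(name), rtype, rdata, "unexpected value"))
    return drift

if __name__ == "__main__":
    for alert in find_drift(BASELINE, OBSERVED):
        print("DNS drift:", *alert)
```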
As of now (23:15 GMT), we’re still seeing the hacked Tesla site, although we note that Tesla’s Twitter account is back to normal. We’ll bring you any more news as we have it. We’ve reached out to several Tesla employees for official comment… but with Tesla’s email likely compromised, we’re not sure any of those emails will get through. We’ll let you know when we hear more. In the meantime, you’ll find an embedded Storify below to help you understand the timeline and what’s been going on.
[UPDATE: 23:43 GMT] We’ve just got off the telephone to Ricardo Reyes, Tesla Motors’ head of communications, who reports that Tesla is now “in control” of the situation but that Tesla is not able to make an official statement at this time.
That, we expect, will come overnight.
[UPDATE: 23:49 GMT] Now Elon Musk’s Twitter Account has been compromised too.
[UPDATE: 23:54 GMT] Musk’s account now seems back to normal.
[UPDATE: 23:56 GMT] From our perspective, Tesla’s site is still down.
[UPDATE: 0:30 GMT] It looks like the popularity of the hacked site has overwhelmed the hackers’ website, or the poor site that the traffic was directed to – we guess they’re not used to Tesla Motors’ scale of web traffic!
[UPDATE: April 27] Tesla have revealed more on how the exploit was perpetrated: Tesla Motors Site Was Hacked Via AT&T Scam, Social Engineering, DNS Hack