Tesla suffers DevOps sabotage; Musk emails "concerning news"

Tesla is under attack from within. At least, that was Elon Musk’s message to his troops this week.

Elon emailed everyone to say he’d caught a saboteur. This ex-employee admitted making unauthorized edits to code and stealing sensitive data—or so we’re told. (No word if he was wearing sabots on his feet, though.)

But some are questioning Musk’s motives. In this week’s Security Blogwatch, we try not to sing the Beastie Boys.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Muskophobia 

Application Security Research Update: The State of App Sec in 2018

What’s that smell? Musk.

Salvador Rodriguez paints an abstract picture—Musk emails staff alleging employee 'sabotage':

Elon Musk said on Monday in an email to staff that an unnamed Tesla employee had conducted “extensive and damaging sabotage” … including allegedly making unspecified code changes … and sending … sensitive Tesla data to unnamed third parties.

Company spokeswoman … declined to comment. [We] could not independently confirm any of the claims.

Yikes. Lora Kolodny has more:

Musk alleged this employee tweaked code on internal products and sent company data out without authorization.

In 2016, after a SpaceX rocket exploded … Musk and SpaceX COO and President Gwynne Shotwell also looked into the possibility of sabotage. Several employees, from different divisions within Tesla, confirmed receipt of the e-mail.

Okay, but what did it actually say? Elon Musk has Some concerning news:

I was dismayed to learn this weekend about a Tesla employee who had conducted quite extensive and damaging sabotage to our operations. … What he has admitted to so far is pretty bad.

His stated motivation is that he wanted a promotion. [But] not promoting him was definitely the right move.

We need to figure out if he was acting alone or with others at Tesla and if he was working with any outside organizations. … There [is] a long list of organizations that want Tesla to die. These include Wall Street short-sellers … oil & gas companies … rumor has it that those companies are sometimes not super nice, [and] the multitude of big gas/diesel car company competitors.

So who’s to blame? Jamie Powell blames it on the boogie:

Don't blame it on the sunshine. … Corporate sabotage is obviously a big deal. An individual, if found guilty, can expect a criminal punishment.

But it was just a disgruntled employee with an axe to grind, right? At a large corporation like Tesla, this is hardly out of the ordinary.

Enemies are everywhere, comrade. The oil and gas industry is a familiar bogeyman, and it turns out that there has been a lot of auto industry corporate espionage over the years.

But hiring saboteurs strikes us as the sort of personal risk to reward assessment most financial types would baulk at. … If Tesla does eventually fail, it won't be because of the shorts. And we're pretty sure … Musk knows that.

But Qbertino disagrees:

I remember the flat-out lies newspaper test reports told about the range of Tesla cars and that were uncovered by the logs the car had recorded about how it actually had been driven. To me there is no doubt that behind the scenes specialised agencies and perhaps even darker machinations are at work to throw monkey wrenches into Tesla's attempt to build an market feasible electric car.

Systematic sabotage at Tesla? Really way more likely than most people would think, IMHO.

As does Okian Warrior:

When you short a stock … and the price goes up, you have to add money to your margin account to cover the potential loss.

Tesla stock is up almost 100 points over the last month, roughly 35% ($370 up from $275). Tesla short sellers are taking a bath right now, to the tune of $2 billion in the last month.

A fair number of those short sellers would be interested in throwing a pile of cash (say $100,000) at a disgruntled employee.

And Laxator2 quotes Nicholas Klein:

While Ford dominates now, all trends chip away at that domination, and Tesla is perfectly positioned to benefit from those trends.

"First they ignore you, then they ridicule you, then they fight you ..." Tesla has passed now the first two stages, so the fight is shaping up.

But Nikolai “short” Kondratiev suggests why $TSLA will fail:

Media & Twitter would have you believe the core 'short' thesis is that Tesla cannot produce 5,000 Model 3s per month. & you think, incorrectly, if you can achieve this, on a very sustainable basis, it will compel substantial short covering. That isn't the case.

I have seen CEOs, time & again obsess over 'the shorts' in their stock, feeling that they've isolated the single issue that will cause 'the shorts' to break. It seems you think it is achieving 5,000 Model 3's per wk. It isn't.

The problem is there is no sustainable demand for 5,000 Model 3's per wk, once the backlog of reservations is exhausted. The best case is you exhaust the reservations exponentially, creating the illusion of exponential demand, & hit the equity market hard at that point.

Regardless, ledow says there’s no need for Elonian outrage:

Musk "reacts" rather than acts. He just codifies his internal emotion towards something and sends that out to the world as a quotable company statement, rather than thinks or checks or moderates.

Anyone with a brain is just thinking "Well, you must have really poor source control."

Meanwhile, the pseudonymous @nycsouthpaw gooses the spruce: [You’re fired—Ed.]

At [best], you have to worry about the internal controls and attention to legal advice at a firm where the chief executive sends a company-wide email like this. At worst, gotta wonder if he’s going full Howard Hughes.

Why … not wait until he was in full possession of the facts about what happened within his own company before blasting out a letter?


The moral of the story?

What would you do if you had a saboteur? In fact, how would you know?

And finally …

“Journalists are afraid of Elon Musk”

 NSFW-ish: Occasional F-bombs and such


You have been reading Security Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or sbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: NTSB/Flickr.

Topics: Security