The hacking group Lizard Squad was very likely behind the cyberattack against Tesla's website, its Twitter profiles and Elon Musk's personal Twitter account on 25 April - not Islamic State (IS), a security researcher has said.
The security breach caused traffic to teslamotors.com to be redirected to a server in Amsterdam and a page showing photographs of Muslims and a YouTube video to be presented to visitors.
At the same time, the Tesla corporate Twitter account had its named changed to #RIPPRGANG, and both the corporate account and Elon Musk's Twitter account both began tweeting messages encouraging people to call a small computer repair shop in Illinois if they wanted a free car.
Although at one point during the cyberattack, the Tesla website was redirected to a domain that contained the word Isis in it, Andrew Hay from OpenDNS Security Labs thinks that it is highly unlikely that the terrorism group was involved.
"It's incredibly unlikely that Isis would have it out for Tesla as a company. It's even more unlikely that they'd direct their anger at a small Illinois-based computer repair shop," said Hay, who noticed that the Isis domain had been registered with ENom and was hosed with DreamHost Web Hosting in the US for several days in April.
Julius Kivimaki could be involved
Hay also mentioned that rumours are now being shared amongst the security research community that the breach, claiming that it was caused by "Ryan", also known as "zeekill" or "Julius Kivimaki" – allegedly a 16-year-old Finnish national who is allegedly tied to the Lizard Squad.
Blair Strater, an IT professional who blogs a lot about hacking and goes by the username r000t, is the person whose number was publicised on the hacked Tesla Twitter accounts.
Hay might have been misunderstood as Strater doesn't have a shop – in fact he posted on Twitter that someone turned up at his house wanting a free Tesla car.
Strater recorded a phone call from the hackers, and the voices on the other end sounded like young men, who kept repeating the words "Rippr Gang" and giggling.
He noted on Twitter that the website of EC-Council, an ethical hacker association, was hacked in the same way to the Tesla hack in February 2014.
Another prank by the Lizard Squad?
Lizard Squad is a group of up to 15 hackers which is gaining notoriety for attacking major companies like Sony, Microsoft and Facebook in order to publicise its hacking tool known as Lizard Stresser.
According to Hays, there is also no indication that any of the visitors to Tesla's website during the cyberattack have been at risk of downloading malware, which was proven by an analysis of the website's code, which is currently on Pastebin.
Tesla told Forbes that the cyberattack was caused by an individual who managed to trick telecom firm AT&T's customer support: "Posing as a Tesla employee, somebody called AT&T customer support and had them forward calls to an illegitimate phone number. The impostor then contacted the domain registrar company that hosts teslamotors.com, Network Solutions.
"Using the forwarded number, the imposter added a bogus email address to the Tesla domain admin account. The impostor then reset the password of the domain admin account, routed most of the website traffic to a spoof website and temporarily gained access to Tesla's and Elon's Twitter accounts."