Tag Archive for: covering

Former Uber security chief convicted on charges of covering up a hack in 2016

/in


Former Uber chief security officer Joe Sullivan has been found guilty of charges that he covered up a 2016 cyberattack where a hacker downloaded the personal information of more than 57 million people. The information stolen from Uber included names, email addresses, and phone numbers for more than 50 million Uber riders and 7 million drivers, as well as driver’s license numbers for another 600,000 drivers.

As reported by the New York Times and Washington Post, the jury convicted Sullivan on two counts: one for obstructing justice by not revealing the breach to the FTC and another for misprision, which is concealing a felony from the authorities.

This is believed to be the first time a company executive faced criminal prosecution over a hack.

He’d faced three counts of wire fraud, but prosecutors dismissed those charges in August. Sullivan had served as a security executive at other companies, including Facebook and Cloudflare, and, as the Post points out, in this case, he was pitted against the same San Francisco US attorney’s office where he had previously worked prosecuting cybercrimes.

The hack itself was described by the prosecution in their original complaint (PDF), noting that it almost exactly mirrored a 2014 breach of Uber that, at the time of the incident, the FTC was already investigating the company over. As the trial began in September, Uber’s systems were breached again in a hack linked to an alleged former member of the Lapsus$ ransomware group, forcing it to temporarily take some internal systems offline.

The 2016 breach occurred when two outsiders trawling Github found credentials giving them access to Uber’s Amazon Web Services (AWS) storage, which they used to download its database backups. The hackers then contacted Uber and negotiated a ransom payment in exchange for a promise to delete the stolen information, paid out in $100,000 worth of Bitcoin, and treated as part of the company’s Bug Bounty program. They eventually pleaded guilty to hacking the company in 2019.

Uber’s new CEO testified he “could not trust” his chief security officer.

As the Times notes, this is believed to be the first time a company executive faced criminal prosecution over a…

Source…

Ex-Uber chief security officer convicted of covering up data breach

/in


SAN FRANCISCO – The ex-chief security officer of Uber Technologies Inc. has been convicted of covering up a 2016 data breach involving 57 million of the San Francisco-based ride-hailing company’s users, according to the U.S. Attorney’s Office.

A jury on Wednesday found Joseph Sullivan guilty of obstruction of justice and misprision of felony, or having knowledge that a federal felony was committed and taking steps to conceal that crime, prosecutors said in a statement. He faces up to five years for the obstruction charge and up to three years for the misprision charge.

According to the U.S. Attorney’s Office, Sullivan was hired as Uber’s chief security officer in April 2015. The company at the time had recently disclosed to the Federal Trade Commission that it had been the victim of a data breach in 2014. The breach related to the unauthorized access of 50,000 customers’ personal information.

The FTC subsequently opened an investigation into Uber’s data security program and practices. In May 2015, a month after Sullivan was hired, the FTC served the company with a demand for information about any other instances of unauthorized access to user personal information as well as information regarding its broader data security program and practices.

Prosecutors said Sullivan played a key role in Uber’s response to the FTC – he supervised its responses to the FTC, participated in a presentation to the FTC in March 2016 and testified under oath on Nov. 6, 2016, regarding the company’s practices.

Ten days after he testified, Sullivan learned that Uber had been hacked again. The hackers reached out to Sullivan directly via email on Nov. 14, 2016, and informed him and others at the company that they had stolen user data, according to the U.S. Attorney’s Office. The hackers also reportedly demanded a ransom to delete that data.

All told, the breach involved 57 million Uber users and 600,000 driver’s license numbers.

Prosecutors said Sullivan did not report the new data breach to the FTC, other authorities or users; he instead arranged to pay off the hackers in exchange for them signing non-disclosure agreements in which they promised not to reveal the hack to anyone….

Source…

Ex-Uber chief security officer found guilty of covering up 2016 data breach

/in


SAN FRANCISCO – The ex-chief security officer of Uber Technologies Inc. has been convicted of covering up a 2016 data breach involving 57 million of the San Francisco-based ride-hailing company’s users, according to the U.S. Attorney’s Office.

A jury on Wednesday found Joseph Sullivan guilty of obstruction of justice and misprision of felony, or having knowledge that a federal felony was committed and taking steps to conceal that crime, prosecutors said in a statement. He faces up to five years for the obstruction charge and up to three years for the misprision charge.

According to the U.S. Attorney’s Office, Sullivan was hired as Uber’s chief security officer in April 2015. The company at the time had recently disclosed to the Federal Trade Commission that it had been the victim of a data breach in 2014. The breach related to the unauthorized access of 50,000 customers’ personal information.

The FTC subsequently opened an investigation into Uber’s data security program and practices. In May 2015, a month after Sullivan was hired, the federal agency served the company with a demand for information about any other instances of unauthorized access to user personal information, as well as information regarding its broader data security program and practices.

Prosecutors said Sullivan played a key role in Uber’s response to the FTC – he supervised its responses to the agency, participated in a presentation to the regulators in March 2016 and testified under oath on Nov. 6, 2016, regarding the company’s practices.

Ten days after he testified, Sullivan learned that Uber had been hacked again. The hackers reached out to Sullivan directly via email on Nov. 14, 2016, and informed him and others at the company that they had stolen user data, according to the U.S. Attorney’s Office. The hackers also reportedly demanded a ransom to delete that data.

All told, the breach involved 57 million Uber users and 600,000 driver license numbers.

Prosecutors said Sullivan did not report the new data breach to the FTC, other authorities or users; he instead arranged to pay off the hackers in exchange for them signing non-disclosure agreements in which they promised not to reveal…

Source…

GBT filed a Patent Application Covering a Commercial Method and Software Application Empowered by AI Technology

/in


Get inside Wall Street with StreetInsider Premium. Claim your 1-week free trial here.

SAN DIEGO, April 27, 2021 (GLOBE NEWSWIRE) — GBT Technologies Inc. (OTC PINK: GTCH) (“GBT” or the “Company”) filed a provisional patent for a commercial method and software empowered by its AI technology with U.S. Patent and Trademark Office (“USPTO”). The invention is targeting a wide variety of advertising and marketing applications and intended for all types of common media such as newspapers, magazines, publications, software, mobile apps, or any type of textual and graphical based material. The method and computer software may also be used on web sites using any Internet browser interface.

The method and software input is textual and/or graphical context in any standard format to produce an output with advertisement and marketing information symbols to attract potential customers attention. The produced material can include LOGOs, symbols, icons and other type of commercial oriented objects. Using the described invention within content of media, introduces a novel method to theoretically increase revenue due to a broader exposure to a marketing and advertising content. The system is targeted to be managed via GBT’s Artificial Intelligence algorithms for scanning a given text/graphics, identifying topics of interest within its context, and assigning commercial oriented objects as methods of advertisement and marketing. The AI engine is also capable of working via NLP (Natural Language Processing) to produce the desired results. The assigned application number is 63177669 and the filing date is April 21, 2021.  The Company is planned to file a nonprovisional application during the next few months.

“As part of our ongoing research and development activities we are filing a patent to protect another possible application for our AI technology, this time in the advertisement and marketing domains. The filed invention describes an innovative method and computer software that we believe has a potential to increase commercial exposure for products or services. It can be used for broad advertisement and marketing campaigns within common types of media like newspapers, magazines,…

Source…