Tag Archive for: Uber’s

Uber’s former security chief convicted of data hack coverup


Uber Technologies Inc.’s former security chief was convicted of concealing a massive data breach in a case that prosecutors tied to the company’s troubled past under its original leadership.

Joe Sullivan was found guilty in federal court in San Francisco on Wednesday by a jury that rejected his claim that other executives at the ride-hailing giant were aware of the 2016 hack and were responsible for it not being disclosed to regulators for more than a year.

The trial featured almost four weeks of testimony that explored cybersecurity management as well as a shakeup at Uber in 2017 when a series of scandals drove co-founder Travis Kalanick out as chief executive.

Sullivan was convicted of both charges against him, obstructing a government investigation and concealing the theft of personal data of 50 million customers and 7 million drivers.

Sullivan, a former federal prosecutor who previously headed security for Facebook, is well known for his expertise in the field in Silicon Valley. He faces as much as eight years in prison, though his sentence probably will be far less.

“While we obviously disagree with the jury’s verdict, we appreciate their dedication and effort in this case. Mr. Sullivan’s sole focus — in this incident and throughout his distinguished career — has been ensuring the safety of people’s personal data on the internet,” said David Angeli, a lawyer for Sullivan. “We will evaluate next steps in the coming days.”

Companies are required under state and federal laws to promptly disclose data breaches. Uber’s mishandling of the 2016 attack on its servers resulted in the company paying $148 million in a settlement with all 50 states, which at the time was the biggest data-breach payout in U.S. history. Uber had previously been reprimanded by the Federal Trade Commission over a similar data breach in 2014.

Sullivan was accused of actively covering up the hack.

Prosecutors alleged that he quietly arranged for the company to pay the hackers $100,000 in bitcoin to delete the stolen data under the guise of a program used to reward security researchers for identifying vulnerabilities, known as a “bug bounty.” In return, the two hackers agreed not to…


Uber’s former security chief covered up enormous hack he said ‘did not exist’


Uber Cybersecurity (Copyright 2022 The Associated Press. All rights reserved)

Uber’s former chief security officer has been found guilty of attempting to cover up a data breach in which hackers accessed tens of millions of customer records.

Joseph Sullivan was convicted of obstructing justice and concealing knowledge that a federal felony had been committed.

Mr Sullivan remains free on bond pending sentencing and could face a total of eight years in prison on the two charges when he is sentenced, prosecutors said.

“Technology companies in the Northern District of California collect and store vast amounts of data from users,” US Attorney Stephanie M. Hinds said in a statement. “We will not tolerate concealment of important information from the public by corporate executives more interested in protecting their reputation and that of their employers than in protecting users.”

It was believed to be the first criminal prosecution of a company executive over a data breach.

The lone hacker apparently gained access posing as a colleague, tricking an Uber employee into surrendering their credentials. Screenshots the hacker shared with security researchers indicate they obtained full access to the cloud-based systems where Uber stores sensitive customer and financial data.

It is not known how much data the hacker stole or how long they were inside Uber’s network. There was no indication they destroyed data.

A lawyer for Mr Sullivan, David Angeli, took issue with the verdict. “Mr. Sullivan’s sole focus — in this incident and throughout his distinguished career — has been ensuring the safety of people’s personal data on the internet,” Angeli told the New York Times.

Uber did not respond to a request for comment.

Mr Sullivan was hired as Uber’s chief security officer in 2015. In November 2016, Sullivan was emailed by hackers, and employees quickly confirmed that they had stolen records on about 57 million users and also 600,000 driver’s license numbers, prosecutors said.

After learning of the breach, Sullivan began a scheme to hide it from the public and the Federal Trade Commission, which had been investigating a smaller 2014 hack, authorities said.

According to…


Uber’s hidden hack, tips for travel, and AI accent fixes • Graham Cluley


Smashing Security podcast #285: Uber's hidden hack, tips for travel, and AI accent fixes

Uber may not face prosecution over its handling of a 2016 data breach – but its former chief security head does; how to defend your digital devices’ data while on vacation, and how to change your accent with artificial intelligence.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

Plus don’t miss our featured interview with Ian Farquhar of Gigamon.




Hosts:

Graham Cluley – @gcluley
Carole Theriault – @caroletheriault

Guest:

Paul Ducklin – @duckblog

Sponsored by:

  • Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
  • Gigamon – Gigamon’s latest report into the state of ransomware.
  • SolCyber – SolCyber delivers Fortune 500 level cybersecurity for small and medium-sized enterprises. If the bad guys aren’t being discriminating about who they’re attacking, how can you settle for anything less?


Warning: This podcast may contain nuts, adult themes, and rude language.




Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.



Uber’s Former Security Chief Has Been Charged With Allegedly Covering Up a Data Breach. Good. – Slate
