Uber Exec Allegedly Concealed 2016 Hack With $100K BTC ‘Bug Bounty’ Pay-Off

Joseph Sullivan, a former Chief Security Officer at Uber, allegedly tried to cover up a 2016 hack of sensitive data by funneling a hush money payment of $100,000 in Bitcoin through a bug bounty program.

The hackers had obtained the driver's license numbers of roughly 600,000 Uber drivers as well as personal information for roughly 57 million users.

According to an Aug. 20 announcement from the U.S. Department of Justice (DoJ), Sullivan has been charged with obstruction of justice and misprision of a felony in connection with the 2016 hack. The former CSO is accused of taking “deliberate steps to hide, deflect, and mislead” the Federal Trade Commission (FTC) regarding the data breach and the related $100,000 Bitcoin (BTC) hush money payment.

The DoJ accused him of preventing knowledge of the breach from being reported to the FTC by funneling the Bitcoin hush money through a bug bounty program. Ordinarily such programs are used for legitimate payments to ‘white hat’ hackers who report on an organization’s security issues, not those who actually obtain unauthorized data.

“We won’t tolerate unlawful hush money payments,” said U.S. Attorney David Anderson. “Silicon Valley is not the Wild West.”

The agency also alleges Sullivan tried to conceal the company’s involvement in the breach by asking the hackers to sign non-disclosure agreements falsely stating that they had not obtained any personal data from Uber, even while they were anonymous. When an investigation unmasked two of the individuals responsible for the breach, the DoJ alleges Sullivan still asked the hackers to sign NDAs rather than report them.

Two of the hackers involved in the Uber breach pleaded guilty to charges of computer fraud conspiracy in October and are now awaiting sentencing.

Negotiating with criminals

Companies are increasingly being forced to deal directly with cyber criminals, though most remain within the law while doing so. Representatives from U.S.-based corporate travel firm CWT were able to negotiate a 50% discount from hackers demanding a $10 million payment after they stole sensitive files from the company in July.

More recently, the University of California conducted a week-long negotiation with a NetWalker ransomware group after it shut down seven of the institution’s servers. The university was able to persuade the group to come down from $3 million to $1 million using respectful and flattering language in their chats.