Joseph Sullivan, a former Chief Safety Officer at Uber, allegedly tried to cowl up a 2016 hack of delicate information by funneling a hush cash cost of $100,000 in Bitcoin via a bug bounty program.
The hackers had obtained the drivers’ license numbers of roughly 600,000 Uber drivers in addition to non-public data for roughly 57 million customers.
In response to an Aug. 20 announcement from the U.S. Division of Justice (DoJ), Sullivan has been charged with obstruction of justice and misprision of a felony in reference to the 2016 hack. The previous CSO is accused of taking “deliberate steps to hide, deflect, and mislead” the Federal Commerce Fee (FTC) concerning the information breach and the related $100,000 Bitcoin (BTC) hush cash cost.
The DoJ accused him of stopping data of the breach from being reported to the FTC by funneling the Bitcoin hush cash via a bug bounty program. Ordinarily such applications are used for respectable funds to ‘white hat’ hackers who report on an organization’s safety points, not those that truly get hold of unauthorized information.
“We is not going to tolerate unlawful hush cash funds,” stated U.S. Lawyer David Anderson. “Silicon Valley just isn’t the Wild West.”
The company additionally alleges Sullivan tried to hide the corporate’s involvement within the breach by asking the hackers to signal non-disclosure agreements falsely stating they’d not obtained any private information from Uber — even whereas they had been nameless. When an investigation unmasked two of the people liable for the breach, the DoJ alleges Sullivan nonetheless requested for the hackers to signal NDAs quite than report them.
Two of the hackers concerned within the Uber breach pleaded responsible to fees of pc fraud conspiracy in October and at the moment are awaiting sentencing.
Negotiating with criminals
Corporations are more and more being compelled to deal immediately with cyber criminals — although most stay throughout the regulation whereas doing so. Representatives from U.S.-based company journey agency CWT had been capable of negotiate a 50% low cost from hackers demanding a $10 million cost after they stole delicate recordsdata from the corporate in July.
Extra lately, the College of California performed a week-long negotiation with a NetWalker ransomware group after it shut down seven of the establishment’s servers. The college was capable of persuade the group to come back down from $three million to $1 million utilizing respectful and flattering language of their chats.