
Former Uber Chief Privacy Officer, Joe Sullivan, found guilty of hiding hacking behavior from authorities


Joe Sullivan, Uber’s former chief security officer, was found guilty by a jury in federal court on Wednesday of failing to disclose a breach of customer and driver records to government regulators.

In 2016, while the Federal Trade Commission was investigating Uber for an earlier breach of its online system, Mr. Sullivan learned of a new breach that affected the Uber accounts of more than 57 million passengers and drivers.

The jury found Mr. Sullivan guilty of one count of obstructing the FTC’s investigation and one count of wrongdoing, or acting to conceal a felony from authorities.

The incident – believed to be the first time a company executive has faced criminal prosecution for a hack – could change the way security professionals handle data dumps.

“The way responsibilities are divided will be affected by this. What is recognized will be affected by this. The way bug bounty programs are designed will be affected by this,” said Chinmayi Sharma, a resident scholar at the Robert Strauss Center for International Law and Security and a faculty member at the University of Texas at Austin Law School.

Sullivan’s trial ended on Friday, and the jury of six men and six women took more than 19 hours to reach a verdict.

Andrew Dawson, an assistant US attorney, declined to comment on the ruling. Lawyers for Mr. Sullivan and Uber did not immediately respond to requests for comment.

Mr. Sullivan was deposed by the FTC as it investigated a 2014 breach of Uber’s online system. Ten days after the deposition, he received an email from a hacker claiming to have found another security hole in the company’s system.

Mr. Sullivan learned that the hacker and an accomplice had downloaded the personal data of about 600,000 Uber drivers and additional personal information related to 57 million passengers and drivers, according to testimony and court documents. The hackers forced Uber to pay them at least $100,000.

Mr. Sullivan’s team directed them to Uber’s bug bounty program, a way of paying “white hat” researchers to report security vulnerabilities. The program limits payments to $10,000, according to testimony and court documents. Mr. Sullivan and his team paid the hackers $100,000 and asked them to sign a non-disclosure agreement.

In his testimony, one of the hackers, Vasile Mereacre, said that he was trying to blackmail Uber.

Uber did not publicly disclose the incident or notify the FTC until a new executive, Dara Khosrowshahi, joined the company in 2017. The two hackers pleaded guilty to the hack in October 2019.

States often require companies to disclose breaches if hackers download personal data and certain users are affected. There is no federal law that requires companies or executives to disclose breaches to regulators.

Federal prosecutors argued that Mr. Sullivan knew that revealing the new hack would prolong the FTC’s investigation and damage his reputation and that he hid the hack from the FTC.

“He took many steps to prevent the FTC and others from finding out,” Benjamin Kingsley, an assistant US attorney, said during arguments that ended on Friday. “This is an intentional withholding and concealment of information.”

Mr. Sullivan did not disclose the 2016 hack to Uber’s general counsel, according to testimony and court documents. He discussed the breach with another Uber attorney, Craig Clark.

Like Mr. Sullivan, Mr. Clark was fired by Mr. Khosrowshahi after the new Uber CEO learned of the details of the breach. Mr. Clark was granted immunity by federal prosecutors in exchange for testifying against Mr. Sullivan.

Mr. Clark testified that Mr. Sullivan told Uber’s security team that they needed to keep the breach secret and that Mr. Sullivan changed the non-disclosure agreement the hackers signed to make it look as if the hack was a white hat study.

According to Clark’s testimony, Sullivan said he would discuss the breach with “a group” of top Uber executives. He only shared the problem with one member of Team A: then-CEO Travis Kalanick. Mr. Kalanick approved a $100,000 payment to the hackers, according to court documents.

Mr. Sullivan’s lawyers argued that he was merely doing his job.

They argued that Mr. Sullivan and others used bug bounty programs and non-disclosure agreements to prevent user data from being leaked – and to identify hackers – and that Mr. Sullivan did not conceal the incident from the FTC.
