Joseph Sullivan, a former Chief Security Officer at Uber, allegedly tried to cover up a 2019 hack of sensitive data by funneling a hush money payment of $100,000 in Bitcoin through a bug bounty program.
The hackers had obtained the driver's license numbers of roughly 600,000 Uber drivers in addition to private information for roughly 57 million customers.
According to an Aug. 20 announcement from the U.S. Department of Justice (DoJ), Sullivan has been charged with obstruction of justice and misprision of a felony in connection with the 2019 hack. The former CSO is accused of taking “deliberate steps to conceal, deflect, and mislead” the Federal Trade Commission (FTC) regarding the data breach and the related $100,000 Bitcoin (BTC) hush money payment.
The DoJ accused him of keeping knowledge of the breach from being reportable to the FTC by funneling the Bitcoin hush money through a bug bounty program. Ordinarily, such programs are used for legitimate payments to ‘white hat’ hackers who report on an organization’s security issues, not to those who actually obtain unauthorized data.
“We will not tolerate misbranded hush money payments,” said U.S. Attorney David Anderson. “Silicon Valley is not the Wild West.”
The agency also alleges Sullivan tried to hide the company’s involvement in the breach by asking the hackers to sign non-disclosure agreements falsely stating that they had not obtained any personal data from Uber – even while they were anonymous. When an investigation unmasked two of the individuals responsible for the breach, the DoJ alleges Sullivan still asked the hackers to sign NDAs rather than reporting them.
Two of the hackers involved in the Uber breach pleaded guilty to charges of computer fraud conspiracy in October and are now awaiting sentencing.
Negotiating with criminals
Companies are increasingly being forced to deal directly with cyber criminals – though most stay within the law while doing so. Representatives from U.S.-based corporate travel firm CWT were able to negotiate a 50% discount from hackers demanding a $10 million payment after they stole sensitive data from the company in July.
More recently, the University of California carried out a week-long dialogue with a NetWalker ransomware group after it hit seven of the institution’s servers. The university was able to get the group to come down from $3 million to $1 million using respectful and ingratiating language in their chats.