A former CSO of Uber has been charged with hiding what happened between Uber and some hackers in 2016. He is accused of paying $100K worth of Bitcoin without letting the authorities know.
The former CSO in question is Joseph Sullivan. He has been accused of paying hackers $100,000 in Bitcoin after they stole some sensitive data. It is said he organized the payment through a bug bounty program.
The hackers obtained the license numbers of 600,000 drivers working for Uber. In addition, they had secret details of 57 million users.
The U.S. Department of Justice announced yesterday (Aug 20) that Sullivan obstructed justice and will be tried for misprision in relation to the 2016 hack. He is also said to have consciously and intentionally deceived the Federal Trade Commission about the hack and the hush money payment.
The DoJ also objected to how he paid the money through a bug bounty program. Payment by that method is allowed only for ethical hackers, not for those who act criminally.
According to the U.S. Attorney, David Anderson:
“We will not tolerate illegal hush money payments.”
Sullivan is also said to have compelled the hackers to sign a nondisclosure agreement so that they would never reveal that they had access to the company's data. Sullivan is also accused of meeting two members of the group to sign another NDA when the DoJ found them out.
Sullivan’s advocate, Bradford Williams, said “there is no merit to the charges.”
“From the outset, Mr. Sullivan and his team collaborated closely with legal, communications and other relevant teams at Uber, in accordance with the company’s written policies,” Williams continued.
He added: “Those policies made clear that Uber’s legal department — and not Mr. Sullivan or his group — was responsible for deciding whether, and to whom, the matter should be disclosed.”
Two of those accused of hacking Uber’s data have admitted doing so. They are now awaiting their punishments.
Coming to terms with cyber criminals
Several companies now try to negotiate with cyber criminals without an intermediary. However, many of them still abide by the law in doing this. Sometimes negotiation works, as was the case between U.S.-based travel firm CWT and hackers who demanded a ransom of $10 million. A 50% discount was later agreed upon.
In a similar case, the University of California negotiated with the NetWalker ransomware group for one week. The negotiation worked, and the ransom was reduced from the $3 million initially planned to $1 million.