Joseph Sullivan, a former Uber security chief, allegedly attempted in 2016 to cover up a sensitive data hack by paying $100,000 in Bitcoin through a bug bounty program.
The hackers had obtained the driver’s license numbers of around 600,000 Uber drivers as well as private information from around 57 million users.
According to an announcement by the U.S. Department of Justice on Aug. 20, Sullivan was charged with obstruction of justice and a crime in connection with the 2016 hack. The former CSO is accused of “taking deliberate steps to hide, mislead and mislead the Federal Trade Commission (FTC) in connection with the data breach and the associated payment of $100,000 in Bitcoin (BTC).”
The Justice Department accused him of preventing the FTC from being notified of the data breach by paying Bitcoin for silence through a bug bounty program. Typically these programs are used to make legitimate payments to “white hat” hackers who report a company’s security issues, not to those who actually obtain data without authorization.
“We will not tolerate illegal payments of money for silence,” said District Attorney David Anderson. “Silicon Valley is not the Wild West.”
The agency also claims that Sullivan tried to hide the company’s involvement in the breach by asking the hackers, even while they were anonymous, to sign nondisclosure agreements falsely stating that they had not received personal information from Uber. When an investigation unmasked two of the people responsible for the breach, the Justice Department alleged, Sullivan was still asking the hackers to sign nondisclosure agreements instead of reporting them.
Bradford Williams, a spokesman for Sullivan, said “The charge is of no value” in a statement to Cointelegraph.
“From the start, Mr. Sullivan and his team worked closely with Uber’s legal, communications, and other relevant teams, in line with the company’s written guidelines,” said Williams. “These guidelines made clear that Uber’s Legal Department, and not Mr. Sullivan or his group, was responsible for determining whether and to whom the matter should be disclosed.”
Two of the hackers involved in the Uber breach pleaded guilty to computer fraud conspiracy in October and are awaiting conviction.
Companies are increasingly being forced to deal directly with cyber criminals, although most of them stick to the law. Representatives of the US-based business travel operator CWT were able to negotiate a 50% discount with hackers requesting payment of USD 10 million after the theft of confidential company files in July.
Recently, the University of California held a week-long negotiation with a NetWalker ransomware group after seven of the institution’s servers went down. The university was able to convince the group to drop its demand from $3 million to $1 million by using respectful and flattering language in their conversations.