On Thursday Joseph Sullivan, the deputy director of the cyber security at Uber Technologies, was suspected at disrupting the courts for attempting to cover a breach of the US-based company. The Department of Justice said in a statement.
In exchange for silence, hackers contacted Sullivan via email after the serious breach. They viewed and updated Uber details for nearly 600,000 Uber users, which contains personal information including driver’s license numbers. In addition to paying off hackers through a programme, Sullivan also signed non-disclosure agreements with the hackers, which allows hacking so-called “white hat” to identify security problems.
In order to pay US$ 100 000 to the hackers under the Uber ‘s program for the reward of security investigators who report faults, Sullivan, a former Federal prosecutor arranged the money from company’s accounts. It was by far the highest payment Uber has invested through the funding scheme, but did not include confidential data theft.
Sullivan is a previous security officer on Twitter, and he currently serves as Cloudflare ‘s head of cyber protection. In previous interviews, security personnel suggested that the Uber payoff was designed to compel hackers to acknowledge the money and to insure that the information regarding Uber contractors, especially on driving licenses, was lost.
The Uber company also paid 148 million dollars to resolve lawsuits from the fifty United States states and Washington , D.C. It was to slow to disclose the hack. Many companies out there have bounty programs and Uber is one among them, which are widely know to use different types of safety-enhancing tools to encourage hackers to abide by law. However, some people do not play by the rules.
Throughout the Uber case, the FBI found out that the two key attackers targeted other businesses as well which it claimed might have been stopped if the Sullivan had approached the law agencies before. All the attackers and Sullivan himself plead guilty and all of them now are waiting for the trial. The situation also shows that businesses charging for malware services are not excluded from the criteria for disclosing confidential private information, malicious applications and encrypting their own data.