Hacker News Re-Imagined

Former Uber Chief Security Officer to Face Wire Fraud Charges

  • 140 points
  • 7 days ago

  • @sofixa
  • Created a post



@spoonjim 7 days

Replying to @sofixa 🎙

LOL. Imagine being such a corporatist that you end up going to jail to protect your employer.



@hn_throwaway_99 7 days

Replying to @sofixa 🎙

I thought it was really interesting that Mr Sullivan is a former US Attorney. Surely he would have known he was putting himself in significant legal jeopardy, no?



@birdieveritas 7 days

Replying to @sofixa 🎙

This happened at Sinclair Broadcast Group as well; someone should investigate.



@ChicagoBoy11 7 days

Replying to @sofixa 🎙

The one thing I haven't understood is just what the value was of the non-disclosure agreement he asked the hackers to sign? Even if you abstract away that they are hackers who illegally accessed your data, apparently they were first signed... before??... Uber knew their real identities? So, what on Earth would a signature on a piece of paper from random internet aliases possibly accomplish?



@twelve40 7 days

Replying to @sofixa 🎙

"Uber’s new management ultimately discovered the truth about the breach and disclosed the breach publicly, and to the FTC, in November 2017."

This is so weird. Did the "old management" aka TK and Thuan Pham know about this and instruct that guy to pay $$$ and keep quiet? Sounds like it? Or did he pay the ransom secretly out of his own pocket?

So maybe it's someone else that should be held accountable and the "new management" is just throwing the CSO under the bus?



@raesene9 7 days

Replying to @sofixa 🎙

I have a feeling companies in the US will have difficulty filling CISO roles without offering golden parachutes (which kick in if the CISO is let go after disclosing a breach) in future.

In cases of breaches there will often be commercial pressure in a company not to disclose (to avoid financial impact).

With personal criminal liability being a possibility for the CISO, they are then placed in the position of disclose regardless of internal pressure (risking their job) or don't disclose (and risk criminal prosecution).



@Lucasoato 7 days

Replying to @sofixa 🎙

> “If Mr. Sullivan had immediately reported the breach—instead of misleading the government by withholding information—the FBI could have been better able to assist Uber; also, the data breach of at least one additional large tech company may have been prevented,” said FBI Special Agent in Charge Fair.

Are there any hints about the other “large tech company” hit by the same hackers? To be transparent to the authorities is not always easy, but in this case, it could have prevented another attack :/



@EE84M3i 7 days

Replying to @sofixa 🎙

Is he still the CSO for Cloudflare?



@mizzao 7 days

Replying to @sofixa 🎙

What was the upside of lying here? Seems like getting hacked is pretty common these days and I'm not surprised at all if some product I'm using tells me that they leaked my PII.

Why not just reveal the breach? Why risk going to jail just to avoid looking bad in your job? I don't think they would have even let him go because of this.



@Dave3of5 7 days

Replying to @sofixa 🎙

To be honest, most of the C-Level of Uber seem super shady, so I'm not surprised that he "allegedly" did this.



@Raed667 7 days

Replying to @sofixa 🎙



@ransom1538 7 days

Replying to @sofixa 🎙

"“If Mr. Sullivan had immediately reported the breach—instead of misleading the government by withholding information—the FBI could have been better able to assist Uber; also, the data breach of at least one additional large tech company may have been prevented,” said FBI Special Agent in Charge Fair."

NOTE: So, if you are blackmailed by hackers and pay, you now go to federal prison. The only way to play with the hackers is to not work with the FBI (obviously). I understand the 'anti-uber hn hate' here, but wow, being attacked by hackers, then getting scared, playing along, paying out blackmailers, then going to federal prison? Wire fraud could be 20 years in federal prison. This guy is worse than a rapist? Not following.

Also, if the FBI wants to talk to you - get a lawyer, they have no interest in "assisting" you. They do enjoy posting your name on "www.justice.gov" to permanently destroy your career though. Never, ever, ever talk to the FBI.



@jacquesm 7 days

Replying to @sofixa 🎙

So, even in the US wiping your breaches under the carpet is no longer an option. The GDPR explicitly deals with this, unfortunately it still leaves some room for lawyering by not making explicit what a reportable breach is. Any breach should be a reportable breach, that would get rid of the gray area. But great to see the Justice Department deal with this in a way that is responsible towards the victims of the breach, accountability of management is a good first step in the right direction.



@ErikVandeWater 7 days

Replying to @sofixa 🎙

Does anyone else find it odd that often press releases are highly upvoted on HN (as opposed to a news article on the subject)? I understand it's source material, but the objectivity you will find in a press release is almost certainly less than you will find in a good news article.


