Former chief of security at Uber Mr. Joseph Sullivan is facing chargers for allegedly covering hack attack amounting to what prosecutor’s term obstruction of justice. The cover up is said to have happened in 2016 exposing confidential information of approximately 57 million drivers and passengers.

Joseph was terminated from Uber in November of 2017 when the company found out about the data breach. The company also admitted to paying $100,000 as ransomware to a group of hackers so they could not cause further damages from information they had stolen from the company.

My Sullivan faces charges of taking deliberate steps to prevent the Federal Trade commission from finding out about the data breach. He also faces charges of mediating payment of ransomware to hackers through Bitcoin. The payment was concealed as a “bug bounty” reward used by companies to engage private security testers in identifying loopholes in their systems so they could improve security.

Sullivan is accused of compelling the hackers to sign non-disclosure agreements, falsifying claims of not stealing any data from Uber. Sullivan currently works at Cloudflare, where he says the company matches his passion of securing the internet.

My Sullivan is probably not the first one or the last one to cover up hack attacks, for fear of impact to the business. David Anderson, a lawyer termed Silicon Valley as not being the wild West. He went to say that good corporate citizenship is expected, including prompt reporting and co-operation with investigative agencies.

What prosecutors and lawyers perhaps fail to note is the potential effects of reporting these hackers. If Mr. Sullivan had perhaps reported them to investigative agencies, then they would have proceeded to further compromise the information stolen causing far reaching effects to Uber including legal suits, loss of customers and massive injury to the Uber brand.

Mr. Sullivan was also the chief security officer hence responsible for securing Uber Systems, any potential breaches spoke more about his incompetence perhaps as well as affecting his current and future job prospects. Sullivan was also not alone and might have perhaps consulted widely before taking action to pay the hackers off, what prosecutors should be doing is creating a conducive environment for corporates to report hacking events as opposed to victimizing corporate agents who were just looking out for themselves.


Comments are closed.