Former Uber security chief Joseph Sullivan is accused of paying hackers $ 100,000 in BTC for hiding information about the identity of 57 million users.
According to the US Department of Justice, in 2016, hackers broke into the database of the international taxi company Uber. Attackers gained access to the data of 57 million users, as well as to the driver's license numbers of about 600,000 drivers.
Sullivan is accused of deliberately not contacting law enforcement and paying the hackers $ 100,000 in bitcoin for silence, thereby obstructing the administration of justice. In December 2016, cybercriminals received a ransom as part of the vulnerability search reward program.
Despite the anonymity of the hackers, Sullivan entered into a nondisclosure agreement with them, according to which the hackers were required to keep the hacking of Uber's database secret and not store the received data. Even after Uber employees identified the hackers, it is believed that Sullivan demanded that the attackers re-sign the agreement with their real names.
Law enforcement agencies became aware of the incident only in November 2017, when the leadership of Uber changed. The hackers have already been arrested. If found guilty, Sullivan faces up to five years in prison for obstructing the law and up to three years in prison for harboring a crime.
Sullivan's spokesman said the charges were unfounded. As a cybersecurity expert, Sullivan worked with a team of international experts to conduct his own investigation. Therefore, without their joint efforts "it would hardly have been possible to find hackers" involved in this hack. Sullivan liaised with Uber's Legal and Communications departments on this matter as part of Uber's internal policy. The spokesperson stressed that decisions about disclosure or nondisclosure of information, as well as who can share such information, are made by the legal department of Uber, and not by Sullivan himself.
“Concealing information about the violation of the law is also considered a crime. This case should be a good example for companies what not to do. We urge you not to assist hackers and not succumb to the desire to hide information about gaining access to user data. By doing this, firms further exacerbate the risks for their clients, ”the US Department of Justice explained.
Last month, hackers hacked Argentine telecommunications company Telecom, demanding $ 7.5 million in XMR and threatening to double the amount if it was not paid within 48 hours.