Uber’s Cyber Hack One Piece Of Larger Ethics Breach: Report

Dan Gunderman
01/09/2018

The Jan. 8 episode of “Task Force 7 Radio” on VoiceAmerica, hosted by information security executive George Rettas, plunged even deeper into the allegations against the global ride-hailing company Uber.

New details came to light regarding Uber’s alleged misconduct when it comes to threat operations and intelligence gathering. Evidence points to a letter written on behalf of a former Uber employee, whose direct supervisors allegedly spearheaded a security strategy laden with illegality.

What’s more, the multi-billion-dollar company recently revealed an alleged cover-up of a 2016 hack that may have impacted over 50 million riders and drivers.

Needless to say, and as Rettas pointed out, 2017 was not the most pleasant year for Uber, which appears to be dealing with the ramifications of a growth-first mentality under prior leadership and CEO Travis Kalanick.

The Jan. 8 “Task Force 7” episode was the first of the new year, and Rettas looked back at N.Y. Times headlines from mid-December, which he called “bombshell news.”


According to The Times, a 37-page redacted letter from former Uber employee Richard Jacobs outlines all kinds of questionable practices by the ride-hailing giant. Some of it “puts the entire Uber culture in question,” Rettas said, before noting the ethical boundaries the company may have crossed.

As first reported on Dec. 13, 2017, The Times noted that the first public confirmation of federal inquiries into the San Francisco-based company came as a result of a stolen trade secrets case between Uber Technologies and Waymo, the self-driving car company owned by Google’s parent company, Alphabet.

The case alleged that Anthony Levandowski, a former Waymo employee, stole trade secrets about driverless cars and used them at Uber, which has denied the allegations.

As Rettas pointed out, the “twist” comes in the DOJ submission to Judge William Alsup. A letter dated Nov. 22, 2017 informs the judge that additional evidence exists, which Uber did not present – referring to claims from Jacobs.

“The question is, when does a cyber intelligence program cross the line?” Rettas stated. “From a legal standpoint and an ethical standpoint.”

The Times reported that Jacobs appeared in court in November to testify for the government’s case. The court then made a redacted copy of Jacobs’ letter public.

“When criminal cases and civil cases cross paths, it’s highly unusual,” Rettas said of the DOJ’s appearance in the case.

An Uber spokesman said that the company hadn’t substantiated all of the claims in Jacobs’ letter and that the company’s new leadership would compete honestly and fairly on the strength of its ideas and technology.

As Rettas pointed out, according to a Dec. 15, 2017 N.Y. Times article, Uber reportedly spied on key executives, drivers and more at rival ride-hailing companies.

The Jacobs letter was written on behalf of the former Uber employee by his attorney, and outlined the formation of internal teams designed to acquire trade secrets. Allegations include the company infiltrating chat rooms and scraping websites for data.

While the document paints a picture of the alleged competitive tactics used at Uber, with a team then led by Joe Sullivan, Rettas said, “I refuse to indict Joe before hearing from him directly, and allowing him to speak for himself.”

In a statement, Sullivan said, “From where I sat, my team acted ethically, with integrity and with the best interest of our drivers and riders.”

“There (must be) so much more to this story than we’ve heard,” Rettas opined. “We’d like to know and get to the bottom of it.”


The letter also notes that Jacobs was Uber’s former manager of global intelligence (2016-17), and had previous experience in counter narcotics operations and Colombian counter drug policy.

Jacobs reported to Matt Henley, Uber’s director of threat operations. He also reported to Sullivan and followed orders from Craig Clark, Uber’s legal director for threat ops.

Jacobs reportedly stated that one internal team, Marketplace Analytics (MA), existed “expressly for the purpose of acquiring trade secrets, code base and competitive intelligence.”

The letter alleged that Uber committed violations of the Sarbanes-Oxley Act of 2002, which protects investors from the possibility of fraudulent accounting activities by corporations.

Jacobs alleged that Clark and Henley implemented strategies to cover up or falsify records to impede investigations, Rettas pointed out.

“(We’ll) see in a court of law whether this proves to be true or not,” Rettas said. “But it’s what Jacobs is alleging about his former supervisors…”

The whistleblower letter also reportedly states that Clark and Henley used encrypted, peer-to-peer software, Wickr Me, to communicate sensitive information within threat ops.

The “Task Force 7” Radio recap is a weekly feature on the Cyber Security Hub.
