Exclusive: Uber paid 20-year-old Florida man to keep data breach confidential – sources
SAN FRANCISCO/WASHINGTON (Reuters) – A 20-year-old Florida man was responsible for the large data breach at Uber Technologies Inc [UBER.UL] last year and was paid by Uber to destroy the data through a so-called “bug bounty” program, normally used to improve code, three people familiar with the events told Reuters.
Uber announced on Nov. 21 that the personal data of 57 million users, including 600,000 drivers in the United States, were stolen in a breach that occurred in October 2016, and that it paid a hacker $100,000 to destroy the information. But the company did not reveal any information about the hacker or how it paid him the money.
Uber made the payment last year through a program designed to reward security researchers who report flaws in a company's software, these people said. Uber's bug bounty service – as such a program is known in the industry – is hosted by a company called HackerOne, which offers its platform to a number of technology companies.
Reuters was unable to determine the identity of the hacker or of another person who sources said helped him. Uber spokesman Matt Kallman declined to comment on the matter.
Newly appointed Uber CEO Dara Khosrowshahi fired two of the company's top security officials when he announced the breach last month, saying the incident should have been disclosed to regulators at the time it was discovered, the previous year.
It remains unclear who made the final decision to authorize the payment to the hacker and to keep the breach secret, although the sources said then-CEO Travis Kalanick was aware of the bug bounty payment in November of last year.
Kalanick, who stepped down as CEO of Uber in June, declined to comment on the matter, according to his spokesman.
A payment of $100,000 through a bug bounty program would be very unusual, with one former HackerOne executive saying it represents an “all-time record.” Security professionals said rewarding a hacker who had stolen data would also be outside the normal rules of a bounty program, where payments are usually in the $5,000 to $10,000 range.
HackerOne hosts Uber's bug bounty program but does not manage it, and plays no role in determining whether payments are appropriate or what they should be.
HackerOne Chief Executive Marten Mickos said he could not discuss an individual customer's programs. “In all cases when a bug bounty award is processed through HackerOne, we receive information identifying the recipient in the form of an IRS W-9 or W-8BEN before the payment of the award,” he said, referring to United States Internal Revenue Service forms.
According to two of the sources, the payment was made to confirm the hacker's identity and to have him sign a confidentiality agreement to deter further wrongdoing. Uber also conducted a forensic analysis of the hacker's machine to make sure that the data had been purged, the sources said.
One source described the hacker as “living with his mother in a small house in an effort to help pay the bill,” adding that a member of Uber's security team did not want to pursue prosecution of an individual who did not appear to pose an additional threat.
The Florida hacker paid a second person for services that involved accessing GitHub, a site widely used by programmers to store code, to obtain credentials for access to Uber data stored elsewhere, one of the sources said.
GitHub said that the attack did not involve a failure of its security systems. “Our recommendation is to never store access codes, passwords, or other authentication or encryption keys in the code,” the company said in a statement.
“Shout from the rooftops”
Uber received an email last year from an unknown person demanding money in exchange for user data, and the message was forwarded to the company's bug bounty team in what was described as the company's routine practice for such offers, according to three sources familiar with the matter.
Bug bounty programs are designed mainly to give security researchers an incentive to report vulnerabilities they uncover in a company's software. But complex scenarios can arise when dealing with hackers who obtain information illegally or demand a ransom.
Some companies do not report more aggressive intrusions to the authorities, on the basis that it can be easier and more effective to negotiate directly with the hackers in order to reduce any harm to customers.
Uber's $100,000 payout and its silence on the issue at the time were unusual in the context of such a program, according to Luta Security founder Katie Moussouris, a former HackerOne executive.
“If this had been a bug bounty, it would have been ideal for everyone involved to shout it from the rooftops,” Moussouris said.
Uber's failure to report the breach to regulators, even though it may have felt that it had dealt with the problem, was wrong, according to people inside and outside the company who spoke to Reuters.
“Creating a bug bounty program does not allow Uber, the bounty service provider or any other company the power to decide breach notification laws don’t apply to them,” Moussouris said.
Uber fired its director of security, Joe Sullivan, and a deputy, attorney Craig Clark, over their roles in the incident.
“None of this would have happened and I won’t make excuses for it,” Khosrowshahi said in a blog post announcing the hack last month.
Clark worked for Sullivan but also reported to the company's legal and privacy team, according to three people familiar with the arrangement. It is not clear whether Clark reported through the legal department, which typically deals with issues of disclosure.
Sullivan and Clark did not respond to requests for comment.
In an August interview with Reuters, Sullivan, a former prosecutor and Facebook Inc (Facebook.O) head of security, said he had integrated security engineers and developers “with the lawyers we have a team of public policy who know what the organization cares about.”
Last week, three senior managers from Uber's security unit resigned from their positions. One of them, physical security chief Geoff Johns, later said he would have left in any case, sources told Reuters. The last of the three, chief security architect Prithvi Rai, later agreed to stay in a new role.
(This story has been refiled to correct to 57 million users in the second paragraph, to show the number includes both passengers and drivers.)
Reporting by Joseph Menn in San Francisco and Dustin Volz in Washington; additional reporting by Heather Somerville and Stephen Nellis in San Francisco; editing by Jonathan Weber and Bill Rigby
Asian shares hover near 2-month low as U.S. policy risks weigh
TOKYO (Reuters) – Asian stocks hovered near two-month lows on Thursday, as softer oil and copper prices and uncertainty over U.S. policy kept many investors on the sidelines, even as some high-tech bellwethers rose.
MSCI's broadest index of Asia-Pacific shares outside Japan .MIAPJ0000PUS was barely changed. It has slipped 4.7 percent from a 10-year peak hit on Nov. 23 as investors took profits after strong gains this year.
While some technology bellwethers such as Tencent (0700.HK) and Alibaba rose, others, including materials shares such as South Korea's POSCO (005490.KS), were sluggish.
In Japan, the Nikkei .N225 gained 1.3 percent after having suffered its biggest fall since late March on Wednesday.
Investors are looking ahead to final tax reform legislation in the United States, where there is also the possibility of a government shutdown if Congress fails to agree on a spending package.
There are also fears of violent reactions in the Middle East to President Donald Trump’s recognition of Israel.
“I would say markets are going through a healthy correction after the rally in three months or six months. I don’t think we need to panic,” said Hirokazu Kabeya, chief global strategist at Daiwa Securities.
MSCI's measure of stocks around the world .MIWD00000PUS stood near Wednesday's two-week low, while on Wall Street the Standard & Poor's 500 Index .SPX edged down for a fourth straight session of losses.
Relentless selling in U.S. technology stocks, which has pressured global stocks in recent weeks, subsided somewhat, with S&P technology shares .SPLRCT bouncing slightly, by 0.75 percent.
But the energy sector led the U.S. market lower after an overnight decline in oil prices.
The price of oil flirted with two-week lows after a big fall on Wednesday, when a sharp rise in U.S. stocks of refined fuel suggested demand may be weak, while U.S. crude production hit another weekly record.
U.S. West Texas Intermediate crude futures CLc1 traded at $56.14 a barrel, up 0.3 percent in Asian trading but not far off Wednesday’s low of $55.87.
Brent crude futures LCOc1 rose 0.3 percent to $61.42 a barrel after falling to $61.13 on Wednesday, the lowest level since mid-November.
The price of copper, seen as a measure of the health of the global economy because of its extensive industrial use, also fell sharply earlier this week, raising concerns about the outlook for global growth.
“When you look at the growth in China’s industrial production and copper prices over the past 10 years, we can say that copper still looks a little expensive. I wouldn’t be surprised to see a further decline in copper if investors grow cautious of the possibility of a slowdown in Chinese output,” said Makoto Noji, senior strategist at SMBC Nikko Securities.
Copper CMCU3 traded at $6,578 a tonne, up 0.4 percent on the day, but still not far from a two-month low of $6,507.5 touched on Tuesday.
In the currency market, the dollar stood near its highest level in two weeks against a basket of currencies but lacked momentum, as many players are looking to see how U.S. Republicans in the House of Representatives and the Senate will resolve their disagreements on the tax plan.
The euro EUR= fetched $1.1800, after a decline to its lowest level in two weeks of $1.1780 on Wednesday.
The dollar fell to 112.44 yen JPY=, slipping further from Monday’s high of 113.09, which was its highest level in more than two weeks.
The British pound was on the defensive after reaching a one-week low of $1.3358 on Wednesday on concerns that a Brexit deal may be unlikely before next week’s key European Union summit because of a standstill over the Irish border.
The pound traded at $1.3381.
Bitcoin continued to swing wildly, rising 3.5 percent to a record level of $14,095 BTC=BTSP at one point on the cryptocurrency exchange Bitstamp. But by late morning it had pulled back to $13,768, an increase of about 1 percent from the previous day.
Silver XAG= extended its decline since late last month to a near five-month low of $15.94 per ounce.
Editing by Shri Navaratnam & Kim Coghill