Violet Blue:

I was pretty excited to find out on August 20 that some criminals apparently skipped the long line of people waiting to hack Uber and instead just decided to work there. I'm talking about Joe Sullivan, Uber's former Chief Security Officer, who we found out was "charged with obstruction of justice and concealment of a felony for his role in the attempted coverup of a 2016 hack that exposed the data of 57 million Uber customers and drivers."

Use of the word "attempted" here is pretty generous. A year after Sullivan was hired at Uber, the company got hacked hard: the October 2016 intrusion exposed personal information of 57 million users and leaked the license numbers of 600,000 drivers. "Uber didn't report the breach to anyone, especially not victims or regulators," I wrote when I summed it up for Engadget. "The company paid $100K to the hackers in hush money (as if that actually works) and concealed the payment in an expense column called bug bounty."

That's right: Sullivan and his team -- with the full knowledge and blessing of Travis Kalanick -- had the bright idea of bribing the hackers with Bitcoin and NDAs, pretending it was a bug bounty, and then when Uber's new CEO Dara Khosrowshahi took over, Sullivan and his cohorts repeated the "bug bounty" lie to Khosrowshahi. [...]

What's also fun to think about is that Sullivan used to work with Mat Henley running their previous employer's security ops: Facebook, where Sullivan worked from 2009-2015. I mean, what are a couple (dozen) felonies between friends? [...]

Look, we know that Silicon Valley is an engine powered by white collar crime (emphasis on the white). But it gets even more awkward when we find out that after Sullivan's absolute poo-flinging shitshow at Uber, he was hired by... Cloudflare.

  1. James Napolitano says:

  2. MattyJ says:

    The article doesn't even mention that at the time the 2016 hack happened, Sullivan was preparing sworn testimony to the FTC regarding a separate security breach from 2014. The final statement on that was given to the FTC 10 days after the 2016 hack. So it's not like reporting obligations were not in the forefront of his mind at the time.

