Uber allegedly hacked rivals, surveilled politicians, and impersonated protestors

  News, Rassegna Stampa
image_pdfimage_print

Last month, details emerged about a secretive unit within Uber dedicated to stealing trade secrets, surveilling competitors, using self-destructing messages, and dodging government regulators. The accusations came from a former member of Uber’s security team, Ric Jacobs, whose 37-page letter detailing all of Uber’s shady behavior was sent to Uber’s management earlier this year. Prior to today, only snippets of the letter have been read aloud in court. Now, a redacted copy of the letter is public as part of the ongoing litigation between Uber and Waymo, the self-driving unit of Alphabet. And it’s a doozy.

The so-called “Jacobs letter” has become the latest twist in the high-profile case between two tech giants over the future of self-driving cars. Its incendiary content caps off a disastrous year for Uber, which has suffered a series of self-inflicted scandals that has upended its senior leadership and raised the prospect of criminal penalties.

At first glance, the Jacobs letter an incredibly detailed accounting of multiple unlawful actions by the ride-hail company. He alleges that Uber’s secretive Strategic Services Group (SSG) “frequently engaged in fraud and theft, and employed third-party vendors to obtain unauthorized data or information.” He also accuses Uber security officers of “hacking” and “destruction of evidence related to eavesdropping against opposition groups.” And he says Uber’s ex-CEO Travis Kalanick knew about a lot of it.

Another Uber employee, Nicholas Gicinto, along with SSG, conducted “virtual operations impersonating protesters, Uber partner-drivers, and taxi operators.” These Uber security employees went to great lengths to hide their surveillance activities from the authorities, Jacobs says. They used computers not purchased by Uber that ran on Mi-Fi devices, so the traffic wouldn’t appear on Uber’s network. They also used virtual public networks and “non-attributable architecture of contracted Amazon Web Services” to further conceal their efforts, Jacobs alleges. Who were they surveilling? Jacobs says SSG’s targets included “politicians, regulators, law enforcement, taxi organizations, and labor unions in, at a minimum, the US.”

And then there was Uber’s innocuously named Marketplace Analytics team. Jacobs says this group was responsible for “acquiring trade secrets, codebase, and competitive intelligence… from major ridesharing competitors globally.” According to Jacobs, Marketplace Analytics impersonated riders and drivers on competitor platforms, hacked into competitor networks, and conducted unlawful wiretapping.

In one of the weirder sections, Jacobs alleges that Uber’s surveillance team infiltrated a private event space at a hotel and spied on the executives of a rival company so they could observe, in real time, their reactions to the news that Uber had received a massive $3.5 billion investment from Saudi Arabia. That eavesdropping was directed by ex-Uber security chief Joe Sullivan at the behest of Kalanick, Jacobs says.

Jacobs, who was fired by Uber in April, took the stand at a hearing in San Francisco late November to answer questions about the letter. He confirmed much of what was written, but also contradicted some of the claims, including the specific mention of knowledge of stealing from Waymo. Jacobs’ disagreements reportedly come from the fact that he didn’t fully read the letter before his legal team sent it.

Uber has called Jacobs an “extortionist,” referencing the $4.5 million settlement he received over his claims about the company’s secrecy measures. But US District Court Judge William Alsup, who is overseeing the Waymo-vs-Uber case, called those claims “BS.” The emergence of the letter, outside the normal discovery process, caused Alsup to delay the jury trial for a second time. (The trial is now expected to begin in February.)

Uber has reportedly been scraping data on its competitors for years, collecting information on their drivers, routes, technology, and executives. According to Gizmodo, Uber gathered this data using automated collection systems that ran non-stop, amassing millions of records, and sometimes conducted physical surveillance. A source with knowledge said that Uber has recently put a stop to all of the automated scraping, but has only paused its practice of gathering information on its competitors using public APIs.

Jacobs goes into more detail about the sophisticated efforts Uber allegedly employed to disrupt its overseas competitors:

These tactics were employed clandestinely through a distributed architecture of anonymous servers, telecommunications architecture, and non-attributable hardware and software. This setup allows the MA team to make millions of data calls against competitor and government servers without causing a signature that would alert competitors to the theft. For instance, a sophisticated competitor [REDACTED] would set thresholds when they see devices attempting to request rides by the hundreds or thousands in a short period of time. However, if the data calls are diversified across what appear to be multiple devices and a broader time period, filters would not detect the anomaly.

In the meantime, Uber CEO Dara Khosrowshahi has sought to distance himself from the behavior described in the Jacobs letter, which took place before he took the reins from co-founder Travis Kalanick, while also acknowledging that many of those actions occurred and would no longer be tolerated. In an email to staff November 29th, Khosrowshahi said:

With regard to the allegations outlined in Ric Jacobs’ letter, I can tell you that we have not been able to substantiate every one of his claims, including any related to Waymo. But I will also say that there is more than enough there to merit serious concern. As I hope you’ve seen over the past 2.5 months, I will always be fair when people admit mistakes or bring hard problems to me. But let me be clear: I have drawn a line. I will not tolerate misconduct or misbehavior that was endorsed or excused in the past. Period.

“While we haven’t substantiated all the claims in this letter — and, importantly, any related to Waymo — our new leadership has made clear that going forward we will compete honestly and fairly, on the strength of our ideas and technology,” a Uber spokesperson said after the letter was filed in court. Lawyers representing Uber security officials named in Jacobs’ letter decried it as “character assassination.”

Earlier this week, the US Department of Justice confirmed that it is investigating Uber’s alleged theft of Alphabet’s trade secrets. In a letter to Alsup, the US Attorney from the Northern District of California said it had interviewed Jacobs as part of an on-going probe into Uber’s allegedly illegal activities.

The question, though, is how Waymo will try to convince a jury that the Jacobs letter proves its broader case against Uber, especially since Jacobs has declined to stand by some of the claims in the letter that relate to Waymo.

The suit centers around the alleged theft of thousands of documents by former Google self-driving engineer Anthony Levandowski. Shortly after Levandowski left Google, he founded Otto, a self-driving truck startup, which was subsequently acquired by Uber. Waymo’s lawyers have argued that Uber wound up with those allegedly stolen files and merely masqueraded the process as an acquisition. The self-driving car unit is seeking $1.9 billion in damages.

https://www.theverge.com/2017/12/15/16782138/uber-jacobs-letter-wiretap-fraud-theft-hacking