Reuters: Uber hacking investigation is targeting a Lyft exec


There is very little love lost between car-platform rivals Lyft and Uber. Nowhere is that more apparent than in a Reuters article in which anonymous sources point fingers at Lyft's technology chief Chris Lambert as the probable cause of an Uber hack. According to the report, after a massive breach of driver information back in February, Uber launched an investigation to determine who got into its system. That led it to court to determine who was behind a Comcast IP address that had accessed the security key the ride-sharing company accidentally left on GitHub. Even though the filing draws no connection to the actual hack (which, according to Reuters sources, was routed through a Scandinavian VPN), the court ruled that the information was "reasonably likely" to help the company find the person (or persons) involved in the breach.

Uber as a company has not identified Lambert. In fact, the Comcast subscriber has remained anonymous throughout the court proceedings. Still, it's quite a leap to go from an IP address that accessed a publicly available file to outright hacking. The company believes that while there is no direct connection between the mystery Comcast IP and the hack, the identity of the person behind that address could shed some light on the breach. Which isn't all that far-fetched.

Lance Cottrell, chief scientist of security firm Ntrepid, told Engadget this type of situation is "characteristic of the kind of mistakes people make when conducting an attack." If the person behind the IP address stumbled onto the key while perusing Uber's GitHub account, it's already too late to start hiding who they are. It's usually not until a bad actor starts an actual attack that they take precautions like using a VPN or public WiFi to hide their identity. Of course, that's if the anonymous internet user is actually responsible.

Cottrell also said we should question the thoroughness with which Uber excluded other IPs. It's unclear how many IP addresses hit the file: was it in the tens or hundreds? How did it determine if someone was nefarious or not? Also, if the key was buried pretty deep in the company's GitHub page, there's a good chance it wasn't cached by Google. But if it wasn't buried, Google could have cached the file and anyone could have grabbed it without leaving a trail.

Concerning the speculation that a Lyft employee may have had something to do with the breach, Lyft gave Engadget the following statement: "Uber allowed login credentials for their driver database to be publicly accessible on GitHub for months before and after a data breach in May 2014. We investigated this matter long ago and there are no facts or evidence that any Lyft employee, including Chris, downloaded the Uber driver information or database, or had anything to do with Uber's May 2014 data breach."

Uber declined to comment for this article.

[Image credit: Getty/AFP]
