Uber Uses Software to Remotely Log Out to Preserve Customer Privacy Data

With 78 or more international offices, you might have to consider some possible opposition with government authorities. In 2015, Uber faced a series of investigations in China and various other countries and were looking to secure their information while being investigated. During these police raids, employees knew the drill: immediately log-off and make it nearly impossible for the police to access the information they had a warrant to retrieve, aka proceed with the “unexpected visitor protocol.”

For fear of sounding a little too suspicious, it’s important to know that Uber was trying to protect the privacy and security of their customers, drivers, and employees – especially abroad. After a lot of searching, Uber discovered a software titled, “Ripley,” which was said to be named after Sigourney Weaver’s character in the 1979 sci-fi movie, Alien. This special software is able to remotely disable, lock, or change the password on employees’ computers and smartphones in the event of a breach or police raid. As quoted in an Bloomberg.com article, “The nickname was inspired by a Ripley line in Aliens, after the acid-blooded extraterrestrials easily best a squad of ground troops. ‘Nuke the entire site from orbit. It’s the only way to be sure.’”

According to Bloomberg, the software was used during a raid in Montreal in May 2015. The  idea behind this was for Uber’s team at the San Francisco headquarters to be able to shut down a device if necessary. At this point in time, the Quebec tax authority arrived at the office unannounced with a warrant. Uber’s on-site managers followed the protocol and alerted company headquarters about what was happening. Fortunately, with the use of Ripley, they were able to not reveal anything to the investigators by logging off from all the devices in the Montreal office immediately.

The employees are trained to alert and follow some simple procedures when someone arrives unannounced at its foreign office to protect their data. If the investigators begin to investigate Uber’s machines, they have a list of Do’s and Don’ts that the employees should follow. Do’s include cooperating with the authorities and disclosing requested documents. Don’ts say not volunteer any information, nor “delete, destroy, and hide any document or data.” It’s unclear though if they used this list when using the software Ripley. Although, it is clear that Uber has allowed authorities to leave the building with company laptops plenty of times before. It all depends on the legal privilege of the situation.

Uber said “Like every company with offices around the world, we have security procedures in place to protect corporate and customer data,” an Uber spokeswoman said. “When it comes to government investigations, it’s our policy to cooperate with all valid searches and requests for data.”

Later, Uber started using off-the-shelf software called Prey and another named uLocker. Uber said that these softwares are able to protect the privacy of the drivers, Uber employees, and the passengers. Last March, the New York Times revealed that the company used secretive software called Greyball in some cities where Uber wasn’t yet allowed to operate. The software let the company target certain people, like the police, and showed them a mock-up version of the app that showed no cars available to hide the fact that they were indeed in operation.

According to the article, Uber is now under investigation by the US Department of Justice for its use of Greyball and is facing at least four other inquiries by the US government. As for the software Ripley, uLocker, and Prey being used by the Uber they have mentioned that there is nothing secretive about it. It’s basically the same software someone would use to track down their lost or stolen smartphones. However, an Uber Spokeswoman has mentioned that these softwares are even good for internal use. For instance, if an employee loses their laptop, we can just log them out of the Uber’s System to prevent the information from leaking and having someone else access private user data.

Top Cybersecurity Threats for Business

privacy

Adopting the latest in technology can help businesses get a leg up on the competition, but some forget that with new technology comes a need for updated security. Here’s what’s trending in business technology today and how each topic should affect your plans for information security.

Cloud Computing

Cloud computing enables users to connect to virtual servers from any remote location, operate with less concern about the inherent pitfalls of physical backups, and scale up quickly without crippling hardware expenses.

While the cloud provides many great benefits, every new platform for information comes with a need for new security protocol.

As more businesses move to the cloud, they should take the time to reexamine their network security plan- who has control over data access, what kind of security training users will need, what information is critical and how many layers of authentication will be needed to protect it, etc.

Your security needs will differ depending on what you host on the cloud and how users access that information. A safe way to ensure your information is protected is to consult with a specialist about your current security plans, and see what may be vulnerable with a transition to a new platform.

Remote Work

The internet provides employees great freedom to work from home and while traveling on business trips. While business networks are secured by firewalls, antivirus software, and other layers of protection, this is not the case when employees are not properly set up to work remotely.

Let’s say an employee is working from a cafe in Brazil- they check their email and send over a company file from their smartphone using an unsecure WiFi connection. The data transferred is likely subject to very lax security, and hackers could obtain sensitive company information.

To combat this type of data theft, companies with remote users or even multiple office locations accessing a remote data center should use virtual private networks (VPNs). VPN tunnels are easily set up at little to no cost. These secure connections protect any data transferred through dedicated connections and encryption protocols. Depending on user needs, a wide array of protocols can be implemented including Secure Sockets Layer (SSL) and Transport Layer Security (TLS), IP security (IPSec), Layer 2 Tunneling Protocol (L2TP)/IPsec, Point-to-Point Tunneling Protocol (PPTP), Secure Shell (SSH), and more.

Malware: The Proliferation of Ransomware

You are probably familiar with different types of malware- intrusive software meant to harm your system. These viruses come in the form of worms, trojans, spyware, and more embedded in seemingly harmless files.

Ransomware, a very specific type of malware, has gained popularity among hackers and will continue to be prevalent in 2016. When a system is infected with ransomware, files are encrypted so they cannot be accessed, bringing business to a halt. The system is essentially up for ransom under a certain time limit, and will only be decrypted once the owners pay a large fee to hackers, if the time limit is expired and no payment is made, the files will remain encrypted.

Ransomware prevention comes down to up-to-date security protocols and staff training. A backup plan to restore files in the case of a ransomware infection can help companies save valuable time, money, and the trust of their customers.

Social Engineering and Human Error

According to IBM, in 2014, human error played a role in over 95% of security incidents. Are your employees aware of information sharing protocol? Can they identify a phishing email attempt? Data security should be talked about regularly and often with your employees to ensure they can identify threats and will be prepared to protect your business information. Educating your employees about current security trends through proper training and testing is the best way to avoid data breaches through human error.

As business technology trends change, so will the ways in which hackers try to exploit vulnerabilities in the system. Even with the hardware and software needed to protect sensitive information, a network security plan is incomplete without proper staff training. Ninety-five percent of cybercrime incidents in 2014 occurred due to human error. Being well versed in the different tactics used by information thieves can prepare users to recognize threats, and choose the right plan of action.

If you have questions about your cyber security risks and how you can mitigate them, whether personal or for business, visit our cyber security services page and contact Inverselogic to speak with an expert.

Cybersecurity Trends for 2016

Today we can do just about everything with the help of the internet- view and control bank accounts, peruse and shop from stores around the world, connect with new people or video chat with distant friends and family, even control smart objects like kitchen appliances from afar. The same effect can be observed in business, with more and more day-to-day operations becoming automated or conducted online.

It’s no surprise that privacy and online security is going to be a prolific topic of concern in 2016 and beyond. With all kinds of sensitive information being transferred between different parties, hackers have more opportunity than ever to try and steal information to either sell on the dark web or use for their own financial gain.

There are many precautions consumers and businesses should take to stay in control of their confidential information and protect business assets. For users, get started with our comprehensive Guide to Cyber Security and our Guide to Email Security.

For a general idea of cybersecurity trends, check out our infographic:

 

Cybersecurity 2016

In the coming weeks, we will continue our Cybersecurity series to help inform users of how to protect their information. Stay tuned for more on common social engineering tactics, how to protect your inbox through safe email practices, bolstering information security on mobile devices, and how to control what is shared on social media.

Interested in protection for your business? Visit our website to learn more about our cybersecurity services and contact Inverselogic to speak with an expert.

Consumer Security: Malware Ads on Forbes

The annual Forbes 30 Under 30 list highlights a select few in various industries from music to healthcare- these individuals are up-and-coming influentials under the age of 30. Naturally, the 30 Under 30 franchise receives much attention and its pages garner hundreds of thousands of online views.

Many consumers are just becoming aware of how vulnerable their privacy is online, progressively more so with coverage of recent breaches at companies and even government organizations like Apple, the IRS, and Ashley Madison. It’s natural that this year’s 30 Under 30 list include a few names in security. The article mentions:

Ryan Ozonian, 27, created encrypted messaging app CyberDust that he says is safer than SnapChat. Javier Agüera Reneses, 23, created the encrypted smartphone BlackPhone (in partnership with security firm Silent Circle) and now serves as Silent Circle’s chief scientist. Reyad Allie, 26, is Uber’s Global Intelligence Analyst and keeps the $50 billion car service’s driver and user data safe.

 

This nod to advancement in data security only makes it more surprising that Forbes served malware to visitors who wished to view the article and disabled their Adblocker software.

 

Producing quality content accrues a cost, and like other publishers, Forbes pays for this through serving ads or a subscription model. Those who wish to view content without a subscription are asked to disable their Adblocker software for an “ad-light” experience. Forbes claimed this strategy helps monetize millions of impressions that would have otherwise been blocked.

The choice to disable the software is in the hands of consumers, and Forbes’ strategy seemed like a bona fide solution meant to help generate revenue. Forbes has also disabled the poisoned ads since becoming aware of the problem. However, there is a glaring problem with the system when a host cannot monitor exactly what is being served to its visitors. Even Adblocker does not protect users from all malware.

Forbes (and lesser known sites) sometimes have little control over (or knowledge of) what ads are being served to visitors. Until this is resolved, the responsibility for keeping information safe online ultimately falls on the consumer. Stay tuned for more in the future on how you can protect your data.