CBE, banks to launch card tokenization on Android mobile apps    CIB completes EGP 2.3bn securitization for GlobalCorp in seventh issuance    NBE signs protocol to finance solar energy, irrigation upgrades, and land reclamation    Right-wing figures blame 'the Left' for Kirk killing, some urge ban on Democratic Party    Ex-IDF chief says Gaza war casualties exceed 200,000, legal advice 'never a constraint'    Egypt's Sisi ratifies €103.5m financial cooperation deal with Germany    Egypt's FM heads to Doha for talks on Israel escalation    Israeli strike in Doha escalates regional tensions, threatens Gaza ceasefire talks    Egypt strengthens inter-ministerial cooperation to upgrade healthcare sector    Egyptian government charts new policies to advance human development    Egypt, Spain discuss expanding health cooperation, support for Gaza    Egypt advances plans to upgrade historic Cairo with Azbakeya, Ataba projects    Egyptian pound ends week lower against US dollar – CBE    Egypt expresses condolences to Sudan after deadly Darfur landslides    Egypt hosts G20 meeting for 1st time outside member states    Lebanese Prime Minister visits Egypt's Grand Egyptian Museum    Egypt to tighten waste rules, cut rice straw fees to curb pollution    Egypt seeks Indian expertise to boost pharmaceutical industry    Egypt prepares unified stance ahead of COP30 in Brazil    Egypt recovers collection of ancient artefacts from Netherlands    Egypt harvests 315,000 cubic metres of rainwater in Sinai as part of flash flood protection measures    Egyptian, Ugandan Presidents open business forum to boost trade    Al-Sisi says any party thinking Egypt will neglect water rights is 'completely mistaken'    Egypt's Sisi, Uganda's Museveni discuss boosting ties    Egypt, Huawei explore healthcare digital transformation cooperation    Foreign, housing ministers discuss Egypt's role in African development push    Greco-Roman rock-cut tombs unearthed in Egypt's Aswan    Egypt reveals heritage e-training portal    Sisi launches new support initiative for families of war, terrorism victims    Egypt expands e-ticketing to 110 heritage sites, adds self-service kiosks at Saqqara    Palm Hills Squash Open debuts with 48 international stars, $250,000 prize pool    On Sport to broadcast Pan Arab Golf Championship for Juniors and Ladies in Egypt    Golf Festival in Cairo to mark Arab Golf Federation's 50th anniversary    Germany among EU's priciest labour markets – official data    Paris Olympic gold '24 medals hit record value    A minute of silence for Egyptian sports    Russia says it's in sync with US, China, Pakistan on Taliban    It's a bit frustrating to draw at home: Real Madrid keeper after Villarreal game    Shoukry reviews with Guterres Egypt's efforts to achieve SDGs, promote human rights    Sudan says countries must cooperate on vaccines    Johnson & Johnson: Second shot boosts antibodies and protection against COVID-19    Egypt to tax bloggers, YouTubers    Egypt's FM asserts importance of stability in Libya, holding elections as scheduled    We mustn't lose touch: Muller after Bayern win in Bundesliga    Egypt records 36 new deaths from Covid-19, highest since mid June    Egypt sells $3 bln US-dollar dominated eurobonds    Gamal Hanafy's ceramic exhibition at Gezira Arts Centre is a must go    Italian Institute Director Davide Scalmani presents activities of the Cairo Institute for ITALIANA.IT platform    







Thank you for reporting!
This image will be automatically disabled when it gets reported by several people.



In lawsuit over hacking, Uber probes IP address assigned to Lyft exec - Reuters
Published in Amwal Al Ghad on 08 - 10 - 2015

Eight months after disclosing a major data breach, ride service Uber [UBER.UL] is focusing its legal efforts on learning more about an internet address that it has persuaded a court could lead to identifying the hacker. That address, two sources familiar with the matter say, can be traced to the chief of technology at its main U.S. rival, Lyft.
In February, Uber revealed that as many as 50,000 of its drivers' names and license numbers had been improperly downloaded, and the company filed a lawsuit in San Francisco federal court in an attempt to unmask the perpetrator.
Uber's court papers claim that an unidentified person using a Comcast IP address had access to a security key used in the breach. The two sources said the address was assigned to Lyft's technology chief, Chris Lambert.
The court papers draw no direct connection between the Comcast IP address and the hacker. In fact, the IP address was not the one from which the data breach was launched.
However, U.S. Magistrate Judge Laurel Beeler ruled that the information sought by Uber in a subpoena of Comcast records was "reasonably likely" to help reveal the "bad actor" responsible for the hack.
On Monday, Lyft spokesman Brandon McCormick said the company had investigated the matter "long ago" and concluded "there is no evidence that any Lyft employee, including Chris, downloaded the Uber driver information or database, or had anything to do with Uber's May 2014 data breach."
McCormick declined to comment on whether the Comcast IP address belongs to Lambert. He also declined to describe the scope of Lyft's internal investigation or say who directed it.
Lambert declined to comment in person or over email.
Attorneys for the Comcast subscriber, who is not named in court documents, did not respond to an interview request on Monday.
In an email on Monday, an Uber spokeswoman declined to comment on any aspect of the case beyond what is in court filings, including what led the company to believe that more information about the Comcast subscriber might lead them to the hacker.
Uber's lawsuit alleges the hacker violated civil provisions of the federal Computer Fraud and Abuse Act, as well as a similar California law. It is unclear if the leaked driver information was ever used by the hacker or anyone else.
According to documents filed in the case, the company learned months after the hack that someone had used an Uber digital security key to access the driver database. A copy of the key was inadvertently posted by Uber on one of its public pages on the code development platform GitHub in March of 2014, prior to the breach, the court filings show, and remained there for months.
After Uber discovered the unauthorized download, it examined the Internet Protocol addresses of every visitor to the page during the time between when the key was posted and when the breach occurred, according to court documents. The Uber review concluded that "the Comcast IP address is the only IP address that accessed the GitHub post that Uber has not eliminated" from suspicion, court papers say.
The numeric Comcast IP address and some other details have been redacted from court filings, so Reuters was unable to independently assess whether there was a connection between Lambert and the Comcast IP address. The two sources, however, said Uber researched the address and discovered that it showed up elsewhere in Internet postings associated with Lambert, and that the address was assigned to his name.
Lawyers for the unnamed Comcast subscriber have pointed out in court that the web page containing the key was publicly available and that anyone could have visited the site without violating any laws. They also stressed that the data breach stemmed from a different IP address.
In his statement on Monday, Lyft spokesman McCormick noted that "Uber allowed login credentials for their driver database to be publicly accessible for months before and after the breach."
The two sources said that the address from which the hack was launched is associated with a virtual private network service. One of them added that the service is based in a Scandinavian country and is known for vigorously protecting the privacy of its users. The hacker's numeric IP address is redacted from court papers.
In July, the federal magistrate judge in San Francisco approved Uber's request for a subpoena granting the company access to the Comcast subscriber's identity, source of payment and other subscription details. The subpoena also requires Comcast to disclose information connecting the subscriber to certain other IP addresses and to the GitHub web pages.
Attorneys for the unnamed Comcast subscriber appealed to the 9th U.S. Circuit Court of Appeals, and Beeler put her ruling on hold pending the outcome.
In fighting the subpoena, the subscriber's attorneys asserted in court that Uber has improperly focused on their client instead of other possible perpetrators of the breach.
They noted that automated web crawlers also visited the site with the security key. Google and other search engines use such crawlers to visit and gather information from web pages for indexing and caching. One of those crawlers could have saved the key somewhere else, the subscriber's attorneys argued in court filings, where it could have been accessed by the hacker.
The attorneys also suggested that a disgruntled Uber engineer could have taken the driver data to a new job, as it would be valuable for a competitor.
In her ruling, Beeler concluded there was "no evidence" that the key was available anywhere else online other than the place Uber inadvertently posted it.
Lyft, with a valuation of $2.5 billion, is much smaller than rival Uber, valued at $51 billion, based on previous funding rounds. The companies compete fiercely for drivers and customers.
Lambert has been Lyft's CTO since 2012, according to his LinkedIn page. Prior to that, he was a software engineer at Google for 5 years, working on mobile maps and Google location.
Source: Reuters


Clic here to read the story from its source.