(AN AUTONOMOUS INSTITUTION UNDER VISVESVARAYA TECHNOLOGICAL UNIVERSITY, BELGAUM)

YELAHANKA, BANGALORE–560 064

Presentation
on
Study of Cyber Attack on
Uber

Presented by: Under the guidance of:

Name: KISHORE JN Deepthi Shetty
USN:1NT20ME406
CONTENTS
Introduction to cyber security.

About the cyber attack.

Problem faced by the uber.

Impact on uber.

Solution provided by the uber.

Slide-2
DEAPARTMENT OF MECHANICAL ENGINEERING,NMIT
INTRODUCTION TO CYBER SECURITY
Cyber security focuses on protecting computer systems from unauthorized access.

Cyber Security is a process that's designed to protect networks and devices from
external threats.

Cybercrime is a global problem that’s been dominating the news cycle. It poses a
threat to individual security and an even bigger threat to large international
companies, banks, and governments.

Today’s organized cybercrimes far out shadow lone hackers of the past now large
organized crime rings function like start-ups and often employ highly-trained
developers who are constantly innovating online attacks.

Slide-3
DEAPARTMENT OF MECHANICAL ENGINEERING,NMIT
ABOUT THE CYBER ATTACK
Uber previously came under fire for covering up a data breach that occurred in
November 2016 that exposed the data of 57 million employees and users.

Uber has suffered a data breach after Teqtivity, a software company which
provides asset management and tracking service for Uber, was targeted in a
cyber attack.  

According to Cyber security news site Bleeping Computer, the leaked

information includes “source code, IT asset management reports, data
destruction reports, Windows domain login names and email addresses and other
corporate information” as well as the “email addresses and Windows Active
Directory information for over 77,000 Uber employees”.

Slide-4
DEAPARTMENT OF MECHANICAL ENGINEERING,NMIT
 PROBLEM FACED BY THE
UBER
Device information: Serial Number, Make, Models, Technical Specs

User Information: First Name, Last Name, Work Email Address, Work
Location details

Uber told Bleeping Computer that the source code leaked on the hacking
forum was created by Teqtivity to manage Uber's services, explaining the
many references to the ride-sharing company.

The company admitted to covering up the breach in July 2022 as part of a

non-prosecution agreement with the US Department of Justice and Uber paid
US$148,000 to settle a civil litigation.

Slide-5
Following contact with the hackers, Sullivan attempted to pay them
$100,000 to sign a non-disclosure agreement which and eventually paid them
the sum in Bitcoin in December 2016, despite not knowing their true
identities.

In January 2017, Uber discovered their identities and the hackers signed a
new version of the original non-disclosure agreement which contained their
true names. Both hackers were prosecuted and pleaded guilty in October
2019 to charges of computer fraud conspiracy.

Slide-6
IMPACT ON UBER
First, they failed to monitor login attempts properly.

Uber doesn’t receive notifications if third-party tries to log into a business account

but fails to enter the network.

Uber failed to restrict the available data to third-party apps.

easy availability allows hackers to access sensitive information from other linked

third-party apps.

There was a possibility this attack was entity to gain access to sensitive information.

Slide-7
 SOLUTION PROVIDED BY THE
UBER

Potentially compromised accounts were identified and blocked or required password
resets to regain access.

Many internal tools were disabled.

Access parameters were reset on many of Uber’s internal services via key rotations.

The company’s codebase was locked down, preventing any new code changes.

When Uber restored access to internal tools it required employees to reauthenticate
credentials.

Uber Covered Up Hack of Customer Data.

Cloud Security Monitoring

Security Controls

Slide-8