Uber and Grand Theft Auto developer succumb to hackers
For the cybersecurity industry, bad things have happened in threes over the past week.
First, former Twitter security chief Peiter “Mudge” Zatko warned a congressional committee about major security vulnerabilities in the company that put the personal information of millions of users at risk.
On Thursday evening, Uber confirmed that it had been the victim of a debilitating cyberattack in which a hacker appeared to have gained access to large parts of its internal systems. (Uber said Friday there was “no evidence” the hacker accessed sensitive user data, though cybersecurity watchers weren’t entirely convinced.)
Then, over the weekend, a hacker leaked dozens of videos that appeared to represent the first images of Take-Two Interactive’s highly anticipated Grand Theft Auto VI video game, an unprecedented leak in the gaming industry. Take-Two Interactive confirmed the leak on Monday morning. A hacker claiming responsibility suggested he was holding additional work products for ransom.
The natural tendency is to draw some sort of drastic conclusion from this trio of cyber incursions, especially at a time when more and more employees are working from home in environments that might be more vulnerable to attack. But all three incidents have distinct differences that ultimately only reinforce each employee’s shared responsibility in combating digital dangers.
Twitter’s hubbub is mostly focused on the highest levels of management, with Zatko alleging that current CEO Parag Agrawal and former CEO Jack Dorsey neglected to implement much-needed cybersecurity upgrades. Although the company hasn’t experienced a major breach since late 2021, when a hacker exploited a software vulnerability to download data about 5.4 million users, Zatko said Twitter’s systems were unnecessarily exposed due to underinvestment in cybersecurity. (Twitter officials refuted the claims, saying Zatko’s poor performance and ineffective leadership led to his firing.)
Uber’s attack, meanwhile, appears to have come from rank-and-file employees who ignored basic cybersecurity warnings.
A hacker claiming responsibility for Uber’s breach told the New York Times that they gained access to company systems after impersonating a member of the company’s IT staff and convincing a worker to provide a password. (Uber has neither confirmed nor denied this account.)
Details on the source of the Take-Two Interactive hack are also scarce, although Bloomberg games journalist Jason Schreier tweeted Sunday that “the common theory is that their Slack has been compromised”.
In the wake of the hacks, a chorus of cybersecurity experts, politicians, and social media experts have come up with all sorts of solutions. Zatko suggested that the federal government, namely the understaffed Federal Trade Commission, step up oversight of companies that have lost private user data to hackers. Industry leaders have pushed for better multi-factor authentication procedures, such as requiring special hardware attached to computers to control employee access to company systems.
All of that is fine. But in the cases of Twitter (assuming Zatko is right) and Uber (assuming the alleged hacker’s comments are true), human judgment remains the greatest vulnerability.
If Twitter has truly “made little meaningful progress on core systems of security, integrity, and privacy,” as Zatko alleged in a whistleblower complaint, it’s a reflection of management neglect. If an Uber employee couldn’t discern the difference between a peddler and an actual IT colleague, that’s a failure of the employee and of cybersecurity management.
“General cybersecurity awareness training, penetration testing and anti-phishing education are powerful deterrents against such attacks,” Neil Jones, director of cybersecurity evangelism at cloud security company Egnyte, told VentureBeat. But even the best-trained among us sometimes slip up, especially when dealing with a cunning crook.
Interestingly enough, Wall Street seems to have factored hacks into its assessment of companies. Uber shares fell just 4% on Friday, against a 1% drop in the Nasdaq Composite, a fairly modest drop given the hacker’s claims of widespread infiltration. Take-Two Interactive’s stock price was unchanged at noon on Monday, mirroring the Nasdaq Composite.
Perhaps investors are realizing that there is no magic bullet to prevent all cybersecurity mistakes.
Wanted: The truth. South Korean authorities and Terraform Labs co-founder Do Kwon issued contradictory statements over the weekend about the cryptocurrency entrepreneur’s level of cooperation following the issuance of an arrest warrant, Bloomberg reported. Do Kwon, who oversaw the $60 billion collapse of TerraUSD and Luna tokens, tweeted on Saturday that he was in “full cooperation” with government agencies. However, South Korean officials later responded that he was “obviously on the run” and refused to cooperate with investigators.
Back down. Bitcoin values fell on Monday to their lowest price since June, and Ethereum has given up its post-Merge bump, largely due to fears that interest rates will continue to rise, CNBC reported. Bitcoin briefly fell below $18,500 for the first time in three months before rebounding to around $18,900 on Monday afternoon. Ethereum values fell 22% last week, despite a long-awaited change on Thursday to a new, more environmentally friendly mining protocol.
A monster IPO. Volkswagen expects to raise around $9 billion in its initial public offering next week of a minority stake in Porsche, the Associated Press reported Monday. The German automaker is selling up to 25% of the luxury brand to help fund its adoption of electric vehicles. The company’s IPO price range is equivalent to $8.7 billion to $9.4 billion, slightly below analyst estimates that suggested Volkswagen could fetch about $10 billion.
Operational and fully operational. Tesla completed its month-long project on Monday to increase production capacity at its Shanghai assembly plant, an undertaking delayed for months by COVID-related shutdowns in China, Reuters reported. The electric carmaker plans to produce double the number of vehicles at the Shanghai plant after the upgrades are complete, helping the company in China’s competitive electric vehicle market. Tesla plans to continue testing on parts of the upgraded assembly lines through the end of November.
FOOD FOR THOUGHT
If the shoe fits. Nike wants to provide Amazon-level delivery service to its shoe and apparel buyers. Insider reported on Monday that Nike is adopting some of the e-commerce giant’s logistics and inventory tactics, as part of an effort to meet consumer expectations for two- or three-day delivery. Nike hopes to better integrate its physical stores with its digital marketplace, speeding up product delivery through a more regional approach to shipping. This change follows similar plans adopted in recent years by Walmart, Target, and Dick’s Sporting Goods.
[Nike’s] larger connected inventory plan is the latest example of Amazon’s pressure on companies, even one of the biggest companies in the world, to compete on delivery speed.
“Everybody’s gotten used to Amazon,” said Brian Yarbrough, principal research analyst at Edward Jones. “Most retailers try to reduce it to two or three days. Amazon created this. Amazon does the same day now. Amazon has conditioned consumers to have much higher expectations for fast delivery times.”
IN CASE YOU MISSED IT
GIF Company Tells Europe It’s So “Cringe-Creating” Meta Should Be Allowed to Buy It, by Steve Mollman
How Figma founder and college dropout Dylan Field went from LinkedIn intern to billionaire in just a decade, by Lucy Brewster
These tech companies are accelerating permanent carbon removal to save the planet, by Lisa Held
How good are the new Apple Watch Ultra and iPhone 14? by Zijia Song and Bloomberg
Choco Taco’s Last Hurray Will Be a Digital Scavenger Hunt, by Chris Morris
The United States is late for a radical change in its cybersecurity strategy, but change is finally coming, by Andrew Rubin
BEFORE YOU LEAVE
Better call Clearview. Dystopian facial recognition technology has finally worked in the criminal defense bar’s favor, though a single case may not be enough to save its reputation. The New York Times reported Sunday that a Southwest Florida defense attorney used Clearview AI products to identify a crucial witness in a vehicular homicide case, whose testimony ultimately led prosecutors to drop felony charges against a man wrongly accused of causing a fatal accident. Police working at the scene captured video of the witness, who pulled the accused from the passenger seat of the car, but they did not write down his name or contact details. After months of research, a defense attorney tapped Clearview AI — best known for providing law enforcement and businesses with access to databases with billions of faces — to see if their technology could trace the witness through his appearance in the video. Sure enough, the defense attorneys had an ID on the witness within seconds of accessing the tool. Clearview AI said it would now allow public defenders to use its products, but the company’s critics said the technology was still a major privacy invasion.