Uber hacked by 18-year-old using standard phishing techniques

posted Sunday Sep 18, 2022 by Scott Ertz

It seems like every company is constantly under attack from the outside world. Unfortunately, no amount of "IT responsibility training" can protect them from a phishing attack, no matter how many times the company forces employees to watch these videos. This week, Uber was the recipient of one of these social engineering attacks, which apparently allowed an 18-year-old to access the inner workings of the company and its computer systems.

What happened?

Currently, what we know is based on a lot of public boasting. However, the initial research suggests that the information is correct. So, what happened and how did one of the biggest tech companies in the world get so easily hacked?

It started out with the discovery of an employee's WhatsApp number. Using that, our intrepid hacker set up a fake Uber page that looked real and sent the link to the employee. The employee then tried to log into the fake portal using their credentials, which were then stored by the teen. Using those credentials, the hacker logged into the real Uber system.

Of course, Uber uses MFA (or multi-factor authentication) for its systems, meaning there was still another step to overcome. In an effort to confuse the employee, the hacker continuously sent MFA notifications to the employee's phone, which finally led to the employee approving one of these requests, either out of confusion or exhaustion or possibly even simply by accident (we've all hit a notification when we were trying to hit the back button on our phones).

With this, the hacker was in the system and had a look around. This led to the discovery of a network share drive containing PowerShell scripts, including admin username and password, giving access to resources such as Amazon Web Services and G Suite accounts.

How do we know what went down?

This is the most interesting part of the whole story. The hacker announced their presence on the network by sending messages on the company's Slack channels. In fact, the messages were not covert in any way, with one literally saying,

I announce I am a hacker and Uber has suffered a data breach

Because of the openness of the hacker, it is believed that financial and malicious intents were not the goal. Instead, it appears that it might have all been part of some sort of protest. The individual posted several messages across Slack saying that drivers are not paid enough, indicating strongly that this was the goal.

How has Uber responded?

First and foremost, the company has admitted the hack, saying,

We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.

The company currently does not believe that any sensitive data was accessed, such as user location or route data, but has begun an exhaustive investigation to verify. If it turns out to be a political action, less will need to be done. However, if personal data was accessed, Uber might have to follow the lead of other companies and offer identity protection and more. Either way, though, I suspect employees will all have to watch those useless videos again on how to prevent social engineering.

F5 Live: Refreshing Technology

September 18, 2022 - Episode 632

Sunday Sep 18, 2022 (01:12:59)

Description

This week, EVGA is removing Nvidia, Nintendo is adding more 64, Uber is giving up security, and Amazon survived the NFL.

Participants

Scott Ertz

Host

Scott is a developer who has worked on projects of varying sizes, including all of the PLUGHITZ Corporation properties. He is also known in the gaming world for his time supporting the rhythm game community, through DDRLover and hosting tournaments throughout the Tampa Bay Area. Currently, when he is not working on software projects or hosting F5 Live: Refreshing Technology, Scott can often be found returning to his high school days working with the Foundation for Inspiration and Recognition of Science and Technology (FIRST), mentoring teams and helping with ROBOTICON Tampa Bay. He has also helped found a student software learning group, the ASCII Warriors, currently housed at AMRoC Fab Lab.

Avram Piltch

Host

Avram's been in love with PCs since he played original Castle Wolfenstein on an Apple II+. Before joining Tom's Hardware, for 10 years, he served as Online Editorial Director for sister sites Tom's Guide and Laptop Mag, where he programmed the CMS and many of the benchmarks. When he's not editing, writing or stumbling around trade show halls, you'll find him building Arduino robots with his son and watching every single superhero show on the CW.

Opening

Powered by TeknoAXE

Nifty Gifties

Powered by Microsoft Store

EVGA exiting videocard business despite large part of company revenue

When it comes to videocards, one of the top brands for years is EVGA. The company makes a solid product and often does it at a more affordable price than many of its competitors. Despite the company offering a full range of computer components, most of its revenue comes from these video cards. Despite all of this, a recent report suggests that EVGA may be getting out of the video card business entirely.

Piltch Point with Avram Piltch

Powered by PureVPN

Extra Life

Powered by Eksa

Next Nintendo 64 games announced for Switch Online, including GoldenEye

One of the best parts of the Switch Online and Switch Online + Expansion Pack is the games that are available. For those who do not have the original classic hardware and games, it's a great way to easily play some of the top games of the past. For those of us who do have the classic hardware and games, it still brings new capabilities to those older games, like online multiplayer. That's why it's always exciting when Nintendo announces new games coming to the platform, and this batch is no different.

News From the Tubes

Powered by Malwarebytes