Uber’s computer system was hacked overnight from Thursday to Friday. While the company has yet to release details of the large-scale attack, the person responsible has not been shy about talking to experts.
We know a little more about the attack suffered by Uber at the end of last week, in which all systems were infiltrated by a hacker. First of all, the age of the hacker in question: 18 years old. Moreover, he reportedly acted alone. A feat for someone so young.
The first stage of the attack remains unclear. The hacker managed to obtain the credentials of an Uber employee but did not specify how it happened. However, the account of the employee in question would not have allowed access to the company’s critical systems. In addition, because of multi-factor authentication (MFA), an identifier and a password are not enough. To gain deep access to Uber’s systems, he was able to take advantage of two company gaffes.
An employee had to wear
The hacker in question boasted of having used a technique called MFA fatigue. To secure connections, Uber uses push notifications. In other words, the user receives a notification asking him to authorize the access of a device that is trying to connect with his account. The hacker flooded the employee with notifications for an hour to lower his vigilance. This is the first blunder: the MFA system does not detect this kind of abuse, when it should have attracted the attention of an administrator or locked the targeted account. The hacker then contacted him via WhatsApp pretending to be from Uber’s IT department, telling him he had to accept the request for it to stop. The employee immediately complied.
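The detection the paragraph says was missing can be sketched as a sliding-window check over MFA push events. This is an added example, not code from Uber or its MFA vendor; the event format, the 10-minute window, the threshold of 5 and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 5                    # assumed limit of unapproved pushes per window

# Constructed sample events: (ISO timestamp, user, outcome of the push prompt)
SAMPLE_EVENTS = [
    ("2022-09-15T22:00:00", "alice", "approved"),   # ordinary single login
    ("2022-09-15T23:00:00", "bob", "denied"),
    ("2022-09-15T23:02:00", "bob", "timeout"),
    ("2022-09-15T23:03:00", "bob", "denied"),
    ("2022-09-15T23:04:00", "bob", "timeout"),
    ("2022-09-15T23:05:00", "bob", "denied"),
    ("2022-09-15T23:06:00", "bob", "timeout"),
    ("2022-09-15T23:07:00", "bob", "approved"),     # user gives in after the flood
    ("2022-09-16T09:00:00", "carol", "denied"),     # isolated mistake, no flood
    ("2022-09-16T09:30:00", "carol", "approved"),
]

def detect_push_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Return alerts as (user, timestamp, kind, unapproved_count) tuples.

    'flood': the threshold of unapproved pushes is reached inside the window.
    'approved_after_flood': an approval arrives while the flood is still in
    the window, which is the case that should lock the session for review.
    """
    recent = defaultdict(deque)   # user -> timestamps of unapproved pushes
    alerts = []
    for ts, user, result in sorted(events):
        when = datetime.fromisoformat(ts)
        q = recent[user]
        while q and when - q[0] > window:
            q.popleft()                       # expire prompts outside the window
        if result == "approved":
            if len(q) >= threshold:
                alerts.append((user, ts, "approved_after_flood", len(q)))
            q.clear()
        else:
            q.append(when)
            if len(q) == threshold:           # alert once per burst
                alerts.append((user, ts, "flood", len(q)))
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

The `flood` alert is the point at which an administrator would be notified or further prompts suppressed; `approved_after_flood` marks a login that should not be trusted without out-of-band confirmation.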
From there, the hacker was able to connect to Uber’s intranet, but he did not yet have sufficient access to the more sensitive elements. So he dug around a bit and discovered a shared folder containing PowerShell scripts, including one containing a username and password for Thycotic (PAM). This is the second mistake. This system helps manage privileged accounts and sits at the center of Uber’s intranet security system. The young hacker was therefore able to use it to access all services, including domain administration, DUO, OneLogin, Amazon Web Services and GSuite.
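The second mistake is one a routine audit of script shares can catch. The following added example (not Uber’s code or tooling) scans PowerShell source for credentials written as literals; the patterns are heuristics, and the sample script, variable names and password value are constructed for illustration.

```python
import re

# Heuristic patterns for secrets written literally into PowerShell source.
# A "$" inside the quotes is excluded so variable expansions are not flagged.
PATTERNS = [
    ("plaintext SecureString", re.compile(
        r"ConvertTo-SecureString\s+(?:-String\s+)?['\"][^'\"$]+['\"].*-AsPlainText",
        re.I)),
    ("literal secret variable", re.compile(
        r"\$\w*(?:pass(?:word|wd)?|pwd|secret|apikey|token)\w*\s*=\s*['\"][^'\"$]+['\"]",
        re.I)),
    ("literal -Password argument", re.compile(
        r"-Password\s+['\"][^'\"$]+['\"]", re.I)),
]

# Constructed sample script; every name and value in it is hypothetical.
SAMPLE_SCRIPT = '''\
# Connects to the vault and rotates service accounts
$vaultUser = "svc_admin"
$vaultPassword = "Example-Not-Real-1!"
$secure = ConvertTo-SecureString "Example-Not-Real-1!" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($vaultUser, $secure)
# $oldPassword = "commented-out-but-still-readable"
$prompted = Read-Host -Prompt "Password" -AsSecureString
$fromVar = ConvertTo-SecureString $env:VAULT_PW -AsPlainText -Force
'''

def find_hardcoded_credentials(script_text):
    """Return (line_number, finding_label) for each suspicious line.

    Comment lines are scanned too: a commented-out secret is just as
    readable to anyone who can open the file on the share.
    """
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        for label, pattern in PATTERNS:
            if pattern.search(line):
                findings.append((lineno, label))
    return findings

if __name__ == "__main__":
    for lineno, label in find_hardcoded_credentials(SAMPLE_SCRIPT):
        print(f"line {lineno}: {label}")
```

Lines 7 and 8 of the sample are not flagged because the secret is prompted for or read from the environment at run time rather than stored in the file.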
Uber “has no proof” of access to personal data
From there, the hacker was able to download Uber’s source code, access the database and even had fun taunting the employees. They could no longer access the web: all pages were redirected to a pornographic image with the message “F*** you wankers”.
Using his access, he was able to access Uber’s internal Slack, where employees continued to laugh about it even after being told to stop logging in. The firm therefore had to stop the service at the same time as all the other internal tools in order to assess the extent of the damage and secure access.
To date, Uber has not confirmed this information and has not sent any notification to its users. The company contented itself with a rather terse statement on Friday evening indicating that everything is functional, that the internal tools are back online and that it is collaborating with the police. However, Uber also said there is no evidence the hacker was able to access sensitive user data. This formulation suggests that the firm is not yet certain that he did not steal personal data. So it’s a case to follow…
Uber victim of a massive cyberattack
A hacker announced that he had access to all of Uber’s internal services, including user databases and financial data. It was a simple phishing operation that allowed him to penetrate the systems.
Article by Louis Nephew, published on 09/16/2022
When Uber employees received a message on Slack from a hacker indicating that he had hacked the service and that he had access to everything, including the databases, they first thought it was a joke. There followed an avalanche of emojis symbolizing fun. The fun didn’t last long and Slack, like many other internal tools, was temporarily disabled by Uber.
In the aftermath, the company reported this cybersecurity incident on Twitter in a terse message. The hacker also posted numerous screenshots showing the extent of the damage. On these, we can see that he managed to access critical internal services such as Uber’s Amazon Web Services account, the administration console, its HackerOne cybersecurity service and even financial data.
A political hack
How was the hacker able to break into the servers and penetrate deep into the systems? Simply by a classic phishing operation. The hacker sent an SMS to one of the employees pretending to be an IT manager from Uber. The victim was encouraged to give up his credentials; it worked, and that was it.
According to the Washington Post, the hacker’s motivation appears to be political. Sensitive to the treatment suffered by the company’s drivers, he reportedly enjoyed hacking the company. He also said he expects to release Uber’s source code within a few months. For its part, the company explains that it is working with the police to resolve the situation and is content to deliver information in dribs and drabs on this case. This isn’t the first time Uber has been attacked. In 2016, its database of users and drivers was hacked via a vulnerability in a third-party service.