An unusual criminal case going on right now in U.S. courts shows how much legal hot water you can be in if your company gets hacked.
Specifically, officials are bringing charges of obstruction of justice and ‘misprision of a felony’ against Joe Sullivan of Uber for a 2016 hacking incident where the executive apparently paid off hackers in Bitcoin instead of properly informing authorities.
First of all, for those unfamiliar with the word “misprision,” it basically translates in plain English to “concealment,” in this case, concealment of the felony in the form of not reporting it.
After hackers claimed to have enormous amounts of information on Uber drivers and passengers, court filings indicate that Sullivan paid off these hackers $100,000 in Bitcoin, in a deal which included non-disclosure agreement requirements.
The issue here is that federal authorities have set up reporting standards for a reason – to try to take on the black hat community – and they feel that Sullivan’s actions undermine that.
“Silicon Valley is not the Wild West,” said U.S. Attorney David L. Anderson in a statement included in DOJ announcements of the action. “We expect good corporate citizenship. We expect prompt reporting of criminal conduct. We expect cooperation with our investigations. We will not tolerate corporate cover-ups. We will not tolerate illegal hush money payments.”
As for the hackers themselves, they’re facing computer fraud conspiracy charges, and like Sullivan, they will be facing possible prison time.
Others with significant leadership stakes in enterprise, as well as some types of do-it-yourselfers, might be appalled at the amount of apparent victim blaming that can happen when a firm gets targeted by hackers. But the bottom line is that City Hall has decreed – if you get involved in cyber attacks, you are obliged to report this activity to law enforcement!
