- A letter has been made public that alleges Uber “fraudulently impersonates riders and drivers on competitor platforms, hacks into competitor networks, and conducts unlawful wiretapping.”
- The letter was written by a lawyer for a former Uber employee, who claims he was “unlawfully demoted” and later fired by the company.
- The letter includes copious details about a group within Uber that was allegedly set up to spy on competitors and collect their trade secrets.
A security group within Uber hacked into competitors’ computer systems, stole data from rivals, and recorded the private conversations of competitors at a hotel, according to a letter made public Friday by the judge overseeing the company’s lawsuit with Google-spinoff company Waymo.
The letter was written by a lawyer for Richard Jacobs, Uber’s former manager of global intelligence. It was written in May to an internal Uber lawyer who handles employee complaints.
An Uber spokesperson says the company hasn’t yet validated all the claims made in the letter, telling us: “While we haven’t substantiated all the claims in this letter-and, importantly, any related to Waymo-our new leadership has made clear that going forward we will compete honestly and fairly, on the strength of our ideas and technology.”
Jacobs was fired from Uber in April. In the letter, Jacobs’ lawyer charges he was terminated in retaliation by the company because he refused to participate in what he viewed as unethical and illegal activities.
Those activities, which Jacobs’ lawyer details in the letter, were allegedly perpetrated by Uber’s Threat Operations (ThreatOps) group. That group “frequently engaged in fraud and theft, and employed third-party vendors to obtain unauthorised data or information,” Jacobs’ lawyer charged.
For example, the letter alleges that between December 14 and 16, 2016, the ThreatOps team infiltrated a WhatsApp group and collected information from it.
“Jacobs reported that infiltrating WhatsApp groups was unlawful and would get Uber kicked out of [redacted],” Jacobs’ lawyer said in the letter. “His concerns were ignored.”
Uber team allegedly hacked networks, planted bugs
The letter also charges that “Uber worked to unlawfully obtain trade secrets.”
It alleges the ThreatOps team:
“1) remotely accessed confidential [redacted] corporate communications and data, 2) impersonated riders and drivers on [redacted] platform to derive key functions of [redacted] rider and driver apps, 3) stole supply data by identifying possible drivers to boost Uber’s market position, and 4) acquired codebase which allowed MA to identify code used by [redacted] to understand in greater detail how [redacted] app functioned.”
In other words, the letter accuses Uber of hacking into the networks of its ride-sharing competitors, stealing the code that allowed them to track their operations, and stealing other data.
In particular, Uber hacked a taxi company’s database that contained information on its drivers and attempted to use that hacked information to recruit those drivers to Uber, Jacobs’ lawyer alleged in the letter.
Additionally, Uber planted bugs to spy on people at a hotel on the orders of CEO Travis Kalanick, according to the letter:
“To do this, multiple surveillance teams infiltrated private-event spaces at hotel and conference facilities that the group of [redacted] executives used during their stay. In at least one instance, [CIA-trained] operatives deployed against these targets were able to record and observe private conversations among the executives – including their real-time reactions to a press story that Uber would receive $US3.4 billion dollars in funding from the Saudi government. Importantly, these collection tactics were tasked directly by Sullivan on behalf of Uber’s CEO, Travis Kalanick. Upon information and belief, these two Uber executives, along with other members of Uber’s executive team, received live intelligence updates (including photographs and video) from Gicinto while they were present in the ‘War Room.'”
Uber also cultivated spies from within its competitors to feed it information on their activities, Jacobs’ lawyer charged.
The team allegedly hid its activities
What’s more, Uber’s ThreatOps group went to great lengths to cover up its activities, according to the letter.
The group used so-called burner cell phones and communicated via encrypted messaging services such as Wickr, where messages are deleted soon after they’re sent, the letter charged. Group members were trained to mark their communications “privileged” under the believe that privileged communications with Uber’s lawyers meant that their documents could not be used in legal proceedings, Jacobs’ lawyer said in the letter.
The team “implemented a sophisticated strategy to destroy, conceal, cover up, and falsify records or documents with the intent to impede or obstruct government investigations as well as discovery obligations in pending and future litigation,” Jacobs’ lawyer charged.
The letter came to light as part of the lawsuit Waymo, the autonomous-car subsidiary of Google parent company Alphabet, filed against Uber in February, charging Uber with stealing its trade secrets. Most of the activities detailed in the letter allegedly took place while Travis Kalanick was still CEO of Uber. Kalanick resigned from that position in June following an investigation that revealed a toxic workplace environment at the company.
After the existence of the letter was revealed in court, Uber’s new CEO, Dara Khosrowshahi, acknowledged in a tweet he was aware employees were using apps including Wickr and Telegram. He said he banned them soon after he started at the company.
That same day, Uber’s new general counsel Tony West told Uber employees:
“My understanding is that this behaviour no longer occurs at Uber; that this truly is a remnant of the past. And I have not learned anything in the last couple of days that suggests otherwise. But, to be crystal clear, to the extent anyone is working on any kind of competitive intelligence project that involves the surveillance of individuals, stop it now.
“Let me also add that I’ve not learned of anything regarding the surveillance practices that would be considered illegal. However, as you will hear me say many times, the question for us is not just whether something is legal; we must also ask ourselves whether it’s the right thing to do.”