Hillicon Valley — Hacking group Lapsus$ blamed for Uber breach

·6 min read

Uber is holding hacking group Laspus$ responsible for last week’s data breach where a teenager claimed to have gained access to the company’s internal systems.

Meanwhile, American Airlines on Tuesday confirmed a data breach that affected a “small number” of customers and employees.

This is Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Send tips to The Hill’s Rebecca Klar and Ines Kagubare. Someone forward you this newsletter? Subscribe here.

Uber condemns Lapsus$

Uber has blamed Lapsus$, a South American hacking group, for being behind last week’s data breach that compromised its internal system.

The ride-share giant said in a statement that it is still investigating the breach and is also coordinating with the FBI, the Department of Justice and several leading digital forensics firms.

  • “We believe that this attacker (or attackers) are affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so,” the company said. 

  • Last week, an 18-year-old hacker claimed to have broken into Uber’s network. 

  • The hacker told The New York Times, which first reported the breach, that he gained access to the company’s internal systems by posing as a corporate information technology person and convincing an employee to share a password with him.

Lapsus$ has been linked to several data breaches this year targeting tech companies including Microsoft, Samsung, Cisco and Okta.

Read more here.

CAMPAIGNS TO BYPASS GMAIL SPAM 

Political campaigns can register to allow emails to bypass Gmail spam filters as part of a Google pilot program, the tech company said Tuesday.

Google is starting with a “small number of campaigns” from both parties as part of the initial test, company spokesperson José Castañeda said in a statement.

During the pilot, users will also have access to a “more prominent unsubscribe button” on the campaign emails, he said.

“We will continue to listen and respond to feedback as the pilot progresses,” he added.

  • The launch was first reported by Axios. The outlet first reported about Google’s request to the Federal Election Commission (FEC) on the program in June, which came following accusations from Republicans that Gmail filters pushed more GOP campaign emails to spam. 

  • The FEC approved the program in a 4-1 vote last month.

Read more here.

Hacker targets American Airlines

American Airlines on Tuesday confirmed a data breach that affected a “small number” of customers and employees.

A template notification to affected customers dated Sept. 16 and sent to Montana state officials indicated the company learned in July 2022 that an unauthorized actor compromised a limited number of employees’ email accounts that contained personal information.

  • “American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes,” the airline said in a statement. “A very small number of customers and employees’ personal information was contained in those email accounts.” 

  • “While we have no evidence that any personal information has been misused, data security is of the utmost importance and we offered customers and team members precautionary support,” the statement continued. “We are also currently implementing additional technical safeguards to prevent a similar incident from occurring in the future.”

The company said it hired a cybersecurity firm to investigate the incident and found the information may have included customers’s names, dates of birth, mailing addresses, phone numbers, emails, driver’s license numbers, passport numbers and medical information provided to the airline.

Read more here.

DISLIKE BUTTON HAS LITTLE IMPACT

YouTube’s dislike button has little impact on the videos that the platform recommends to users, according to a study released Tuesday.

Researchers from the Mozilla Foundation, an international nonprofit that works to make the internet as accessible as possible, conducted an independent audit of YouTube’s user controls based on data that more than 20,000 users provided. It concluded that people generally do not feel that YouTube’s user controls change their recommendations and that users are largely correct that the mechanisms are “inadequate” in preventing unwanted recommendations.

  • Researchers found that user controls do influence what is recommended, but the effect is “negligible” and most unwanted videos still get through. Most users turn to a “trial-and-error approach” in trying to control their recommendations with tactics and behaviors like only rewatching desired videos or clearing their browser history, but reported limited success. 

  • User controls were often found failing, such as an instance when a user asked to stop seeing videos related to firearms but was soon after recommended gun-related content. Another asked to stop seeing videos on cryptocurrency but continued to receive those recommendations.

Read more here.

MUSIC TO EARS

The U.S. Space Force, the newest branch of the nation’s military, now has an official song hailing the “guardians beyond the blue.”

The brand-new song, “Semper Supra,” is named after the Space Force motto, which is Latin for “Always Above.”

It was created by two former U.S. military service members who wanted to capture the spirit of the Space Force’s Guardians.

The service branch unveiled “Semper Supra” as its official song at the Air and Space Forces Association Air, Space and Cyber Conference in National Harbor, Md., on Tuesday.

Every branch of the military has its own song, from the U.S. Army’s “The Army Goes Rolling Along” to “The Marines’ Hymn” for the U.S. Marines.

Read more here.

BITS & PIECES

An op-ed to chew on: Keep government money out of journalism industry

Notable links from around the web:

Trump’s ‘big lie’ fueled a new generation of social media influencers (The Washington Post / Elizabeth Dwoskin and Jeremy B. Merrill)

‘How Many Women Were Abused to Make That Tesla?’ (Rolling Stone / Stephen Rodrick)

Commerce lacks intelligence resources to keep U.S. tech from fueling Chinese cyberthreat, experts warn (CyberScoop / Suzanne Smalley)

🍦 Lighter click: A balanced diet

One more thing: Pentagon to review info warfare

The Pentagon will review how it conducts secret information warfare after Meta and Twitter found and dismantled fake accounts likely tied to the U.S. military, The Washington Post reported Monday.

Undersecretary of Defense for policy Colin Kahl last week asked the military commands that participate in online psychological operations to give a complete rundown of their activities by next month, according to the outlet.

The order came after the White House, State Department and some in the Defense Department voiced issues with tactics the Pentagon used in attempts to manipulate overseas audiences, several defense and administration officials told the Post.

Read more here.

That’s it for today, thanks for reading. Check out The Hill’s Technology and Cybersecurity pages for the latest news and coverage. We’ll see you tomorrow.

VIEW FULL VERSION HERE

For the latest news, weather, sports, and streaming video, head to The Hill.