Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Businesses Australia Privacy Software Technology

Uber Used Secret Spyware To Try To Crush Australian Startup GoCatch (abc.net.au) 76

Uber used a secret spyware program, codenamed Surfcam, to steal drivers from an Australian competitor with the aim of putting that company out of business. The startup was backed by high-profile investors including billionaire James Packer and hedge fund manager Alex Turnbull. ABC News reports: GoCatch was a major competitor to Uber when the U.S. company launched in Australia in 2012. At the time, both companies were offering a new way to book taxis and hire cars using a smartphone app. Surfcam was developed in Uber Australia's head office in Sydney in 2015. A former senior Uber employee has told Four Corners that the idea behind the use of the Surfcam spyware was to starve GoCatch of drivers.

"Surfcam when used in Australia was able to put fledgling Australian competitors onto the ropes," the former employee with direct knowledge of the program said on the condition of anonymity. "Surfcam allowed Uber Australia to see in real time all of the competitor cars online and to scrape data such as the driver's name, car registration, and so on." It allowed Uber to directly approach the GoCatch drivers and lure them to work for Uber. "GoCatch would lose customers due to poaching of its drivers draining their supply. With fewer and fewer drivers, GoCatch would eventually fold," the former Uber employee said.
GoCatch's co-founder and chief executive, Andrew Campbell, said Uber's tactics damaged the company. He said: "The fact that Uber used hacking technologies to steal our data and our drivers is appalling. It had a massive impact on our business. It sets a really dangerous precedent for the Australian economy and Australian businesses as well. It tells every multinational company to come to Australia and follow the same practice. As an Australian small business, a technology start-up business based in Australia that's improving efficiency and service levels in the taxi industry, to have a company come to Australia and get away with that type of behavior is ... it's disgusting."

A senior Uber source has confirmed the existence of Surfcam, saying it was developed by a staff member in the Sydney head office who modified off-the-shelf data scraping software. "They said the Sydney employee did it under his own authority, and that once Uber discovered this, they requested he stop," the report says.
This discussion has been archived. No new comments can be posted.

Uber Used Secret Spyware To Try To Crush Australian Startup GoCatch

Comments Filter:
  • Two wrongs there (Score:5, Insightful)

    by SuperKendall ( 25149 ) on Monday March 18, 2019 @07:25PM (#58295590)

    What Uber did was abhorrent for sure.

    However, WHY did that other company have all of these details of drivers that could be scraped? I feel like they had an API that could be arbitrarily queried for cars on the road that gave out way too much information.

    Server API designers seem to never consider the importance of what they send, and how to protect the contents of what is being sent from a user that can easily install certificates or man in the middle attacks to inspect all traffic. How do you not expect competitors are trying to look at this information? Even if it were not officially sanctioned you know some software engineer at Uber would have been trying to see hit competitive apps did just to understand how other people made systems work...

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      She shouldn't have been out by herself at night, especially not dressed like that. I mean it's practically her fault!

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      I would guess for safety and usability. If everyone can see where your taxi is, it's harder for a driver to kidnap you. Tracking driver location is required for calculating routes, cost, and determining which to route to which pickup request. Allowing the passengers access to that information allows the to glance at their local area and estimate the chances and time frame for a pickup. In terms of passenger safety, it also helps prove the person claiming to be there to pick you up is actually the car yo

      • by SuperKendall ( 25149 ) on Monday March 18, 2019 @08:39PM (#58295872)

        I would guess for safety and usability. If everyone can see where your taxi is, it's harder for a driver to kidnap you.

        You can have that without giving away the whole store. How can you claim a system is designed to be "Safe" when it somehow reveals personal details enough about a driver for Uber to find them and try to hire them? What is to stop a stalker from finding female drivers and doing whatever they like to them...

        I am jus saying the company had a responsibility to the drivers that it sounds like they shirked, if Uber had enough data to find drivers that a very bad sign for how well the company protected data. Who is to say they were not equally lax in protecting client data too...

        How is everyone OK with this? We must wake up and punish companies anywhere that leak personal data, for either employees or customers. It is way past time we stopped letting this kind of no-security bullshit slide, even (especially?) if the information is used against that company.

        Seriously, how can you support the lax security policies of this company as being OK?

      • Call them? (Score:5, Insightful)

        by BankRobberMBA ( 4918083 ) on Monday March 18, 2019 @08:52PM (#58295928)

        No. That would take forever and your call history would wind up full of those stupid disposable temporary numbers.

        For both Uber and Lyft, do this:

        If you are a passenger, open the door or look through the window and say "What's your name?"
        Your driver's name is right there on the app. With their picture. And I know the picture's not always great, but it's good enough to verify you have the right driver. And they will say their name.

        Drivers should do the same thing, although almost none of mine ever do. "What's the name on the account?"
        Allowing an incorrect passenger in your car is a surefire way to get cheated, and maybe robbed/raped/kidnapped/murdered as well.

        For both passengers and drivers, do not ask them to confirm their name: "Are you So-and-so?" Make them provide it: "What's your name/name on the account?"

        It's too easy for an opportunistic scammer to just go "Yep, that's me."

    • Is there any reason to believe Uber extracted the driver info from GoCatch's API?

      Most drivers were probably running Android OS, which was designed from the ground up to facilitate snooping and data exfiltration. Uber likely took advantage of Android's insecure design to data rape GoCatch's drivers.

    • My guess is that the software impersonated the app: request a pickup, and then when a driver matched, get the details of the vehicle and driver (so the pretend rider knows what vehicle to look for), then cancel the pickup.
  • by youngone ( 975102 ) on Monday March 18, 2019 @07:30PM (#58295616)
    It's so hate to figure out who I hate more, Uber or the Packers.
    Maybe I will just hope that the "billionaire James Packer" (the one who inherited all he has) gets scammed out of all his money and winds up living in a cardboard box, and all the Uber executives get prosecuted for fraud and thrown in prison.
    Yes, I know.
    • I am definitely more of a Vikings fan.

    • by rtb61 ( 674572 )

      How about thus, I know it will tickle your fancy. 'Your Drivers', what the fuck you corporate cunts, they are gig economy barely working workers, come or go as you please, since the fuck when do you 'OWN' them, they are not fucking yours, you do fuck all for them, they do all the work and you are just scummy middlemen taking the majority of the profits. Oh yeah, those workers are disposable nothings when you don't need them to make you money, oh but when you do, then they are 'YOUR' workers, you own them, y

  • #DeleteUber (Score:5, Insightful)

    by Sebby ( 238625 ) on Monday March 18, 2019 @07:31PM (#58295626)
    Seriously, Uber is the Facebook of the ridesharing world.
    • by mjwx ( 966435 )

      Seriously, Uber is the Facebook of the ridesharing world.

      So no matter how shitty they get, no matter how much bad press there is about their misdeeds... People won't stop using them.

      Either that or you're saying that Facebook is losing hundreds of millions of dollars per quarter, I doubt Facebook is making a profit, but their costs aren't that great.

  • Corporate Espionage? (Score:4, Interesting)

    by Sebby ( 238625 ) on Monday March 18, 2019 @07:40PM (#58295666)
    I don’t know what the laws are like in Australia, but this seems to me like a clear case of it.
    • by mjwx ( 966435 )

      I don’t know what the laws are like in Australia, but this seems to me like a clear case of it.

      Not with Australia's current government. They keep flip-flopping between corporate apologist/stooge/protector and wannabe Trumpite popularists but with limited success in either attempt, not that there's much difference between their two stances.

      Basically few Australians would know about this and the company wasn't big enough to make political donations, so no Australian politician would care.

  • by phalse phace ( 454635 ) on Monday March 18, 2019 @07:47PM (#58295688)

    The source stated that the spyware program was developed by a staff member in the Sydney head office who modified off-the-shelf data scraping software.

    They said the Sydney employee did it under his own authority, and that once Uber discovered this, they requested he stop.

    According to the former senior employee, the Sydney developer of the spyware had moved from Sydney to Singapore at the time when Uber and Grab were fighting it out for dominance of the massive rideshare market in South-East Asia.

    They "requested" that he stop? Why didn't Uber fire him?

    Instead, it looks like they sent him to Singapore to help grow Uber's market share there, using the same dirty tactics.

    • by piojo ( 995934 )

      It sounds like he was scraping the web site of a rival company. Is that even unethical? The worst he could have done is ignored robots.txt, and I don't know whether that is considered serious in Australia. Was there some more serious breach which evaded my attention? The title mentioned spyware, but the article didn't.

      • by piojo ( 995934 )

        Ahh, he was using their app's API. Still, I'm not sure where the line is when using data you already have access to, but for an unintended purpose. I see crushing their competitor (so they can be a monopoly) as a bigger story than how exactly they used their competitor's APIs.

  • So if I'm reading this correctly, Uber offered work to GoCatch drivers, drivers they identified using information published by GoCatch themselves. The fact that GoCatch didn't intend to be used that way doesn't make the tool "spyware" or otherwise nefarious. And the fact that it worked implied that Uber offered the drivers a good deal.
    • Presumably the part missing from the summary (I haven't read TFA) is that Uber offered better pay to GoCatch drivers to lure them away. And once GoCatch went bankrupt, Uber lowered the pay it offered to GoCatch drivers since they no longer needed to be competitive.
      • But why don't the drivers keep both applications installed on their smartphones?
        In several countries (FR, CH), I've seen drivers using several parralel means to catch clients: Uber Driver, some other network popular locally, and even an actual *taxi* dispatcher.

        local law about competition should prevent Uber from offering a different pay depending on if a driver works for another dispatcher or is exclusive to Uber.
        (And remember, Uber strongly wants to believe that the drivers are *contractros*, not *employe

  • by SlaveToTheGrind ( 546262 ) on Monday March 18, 2019 @09:12PM (#58295974)

    It's popcorn-worthy to watch the usual "IF YOU WERE DUMB ENOUGH TO PUBLISH THE BITS, I CAN FREELY USE THOSE BITS HOWEVER I WANT" crowd get all up in arms about a corporation they don't like doing some competitive data scraping.

    Mod me down all you want -- it will remain hilarious.

  • by sphealey ( 2855 ) on Tuesday March 19, 2019 @06:25AM (#58297122)

    - - - - - - A senior Uber source has confirmed the existence of Surfcam, saying it was developed by a staff member in the Sydney head office who modified off-the-shelf data scraping software. "They said the Sydney employee did it under his own authority, and that once Uber discovered this, they requested he stop," the report says. - - - - -

    Odd coincidence how things like this just seem to keep happening to Uber. Darn shame that there are so many rogues in their organization; you'd think the world's largest monitoring and tracking system could identify and root out that sort of stuff.

  • This is what happens when you combine capitalism, a lack of ethics, and technology. The end result is companies like Uber and Facebook. Unfortunately, the reality of modern times is that we value ethical companies as much as we value ethical leaders (in other words, we don't give a shit).

news: gotcha

Working...