Posts with «society & culture» label

Uber's ex-security chief was found guilty of covering up a major data breach in 2016

Joseph Sullivan, who used to serve as Uber's security chief, was convicted of federal charges for hiding a 2016 data breach from authorities. According to The New York Times, a jury in a San Francisco federal court has found Sullivan guilty of obstructing the FTC's ongoing investigation into Uber at the time for another breach that occurred in 2014. He was also found guilty of actively hiding a felony from authorities. Sullivan's case, believed to be the first time an executive has faced criminal charges over a hack, revolves around how the former executive dealt with the bad actors who infiltrated Uber's Amazon server and demanded $100,000 from the company.

The hackers got in touch with Uber shortly after Sullivan sat for a deposition with the FTC for its investigation of the 2014 cybersecurity incident. They told him they found a security vulnerability that allowed them to download the personal data of 600,000 drivers and additional information linked to 57 million drivers and passengers. As The Washington Post reports, it was revealed later on that the hackers found a digital key that they used to get into Uber's Amazon account. There, they found an unencrypted backup collection of personal data on passengers and drivers.

Sullivan pointed them to the company's bug bounty program, which had a max payout of $10,000. The hackers wanted at least $100,000, however, and threatened to release the data they'd stolen if Uber didn't pay up. The former security chief paid them the amount they demanded in bitcoin and made it appear as if they'd been paid under the bug bounty program — an action reportedly sanctioned by then Uber chief executive Travis Kalanick. He also tracked them down and made them sign nondisclosure agreements.

The former executive's camp argued that Sullivan felt Uber's user data was protected after the hackers signed an NDA. "Mr. Sullivan believed that their customers’ data was safe and that this was not some incident that needed to be reported. There was no coverup and there was no obstruction," his lawyer David Angeli said. But prosecutors disagreed and viewed his use of NDAs as a way to cover up the incident. Further, they stressed that the incident shouldn't have qualified for a payout under the bug bounty program, which is meant to reward friendly security researchers, when the bad actors threatened to release users' personal information if they didn't get paid the amount they wanted.

In the end, the jury agreed with the prosecutors that Sullivan should have notified the FTC about the data breach. It wasn't until Dara Khosrowshahi took over as CEO that the FTC was informed of the event. A sentence hasn't been handed down yet, but Sullivan now faces five years in prison for obstruction and up to three more years for failing to report a felony. 

Apple faces US labor complaint over union busting

Apple's alleged union busting has prompted federal action. As The New York Times reports, the National Labor Relations Board has issued a complaint against Apple following accusations it broke multiple laws trying to thwart union organizers at the World Trade Center store in New York City. The Communications Workers of America (CWA) union claims Apple surveilled and questioned staff, limited access to pro-union fliers and made employees listen to anti-union speeches.

The NLRB found enough merit in two of the claims. A judge will hold a hearing on December 13th if there's no settlement.

We've asked Apple for comment. In a statement to The Times, a spokesperson said the iPhone maker disputed CWA's allegations and was anticipating "presenting the facts." In the past, Apple has maintained that unionization would hinder labor improvements and prevent "direct engagement" between the company and store workers. Apple told staff it would increase pay, but also that unionization could lead to fewer promotions and fixed hours.

There's no certainty the NLRB complaint will lead to change in Apple's labor practices. However, it comes as teams at multiple US stores have made unionization bids. While people at an Atlanta location gave up their efforts, Towson, Maryland workers voted to unionize this spring. Oklahoma City employees vote next week. There's mounting pressure on Apple to act, if just to minimize similar complaints.

Amazon workers carry out work stoppage after Staten Island warehouse fire

More than 100 Amazon employees conducted a work stoppage for around three hours after a fire broke out at a fulfillment center on Staten Island, New York. Night shift workers were moved to a break room as firefighters tackled a dumpster fire on a shipping dock next to the JFK8 warehouse. No one was injured, according to the New York City Fire Department, which was called to the scene at around 4PM ET on Monday.

Amazon Labor Union (ALU) president Chris Smalls said around 500 employees declined to return to work. Amazon put the figure at 100 and said another 1,000 kept working. The workers who downed tools occupied the human resources office and demanded paid time off for the night, as Motherboard reports.

Warning ⚠️ Workers screaming EVACUATE yet Amazon refuses to let Night Shift be excused with pay the burnt chemicals from the compactor still linger by docks hundreds of workers want to go home. Amazon will be held accountable @amazonlabor ✊🏽 pic.twitter.com/XOpiRHLkQH

— Christian Smalls (@Shut_downAmazon) October 4, 2022

“All employees were safely evacuated, and day shift employees were sent home with pay,” Amazon spokesperson Paul Flaningan told Gothamist. “The FDNY certified the building is safe and at that point we asked all night shift employees to report to their regularly scheduled shift. While the vast majority of employees reported to their workstations, a small group refused to return to work and remained in the building without permission."

Workers at the warehouse voted to form a union earlier this year. Amazon has contested the results of the election. Last month, a hearing officer recommended that the National Labor Relations Board should reject Amazon's claims that the vote was invalid and authorize the union. Pending further appeals, Amazon has not started union contract negotiations.

Meanwhile, workers at another Amazon warehouse are seeking to unionize with the ALU. An election will be held at a fulfillment center outside of Albany later this month. Amid unionization efforts across the company, Amazon this week announced it will increase hourly workers' pay.

Happening Now‼️ after a raging fire on ship dock 500 plus workers sat in the break room demanding to be sent home with pay for safety due to the smoke. @amazonlabor Lead organizes are now Marching on the Boss with hundreds of workers!✊🏽 #Alllaborwinter #ALU #UnionStrong pic.twitter.com/PsBrj27NKj

— Christian Smalls (@Shut_downAmazon) October 4, 2022

Activision Blizzard found to have withheld raises from unionizing Raven Software workers

After investigating an unfair labor practice charge against Activision Blizzard, the National Labor Relations Board found that the company withheld raises from quality assurance workers at Call of Duty support studio Raven Software. The agency attributed this withholding to the workers' union activity.

The Communications Workers of America (CWA) filed a complaint on behalf of the workers in June. It accused Activision Blizzard of retaliating against those who were attempting to unionize in a number of ways, including by laying some off and dismantling the studio's QA department by moving workers to separate teams. The CWA also said that Activision Blizzard leadership solicited grievances, which the NLRB concurred with. The agency is still looking into some aspects of the original complaint, as The Washington Post notes.

The CWA filed an amended version of the complaint on Monday. It claimed that Activision Blizzard is continuing to violate labor laws by keeping QA workers at the studio separated without their own department.

In April, Activision Blizzard gave 1,100 QA testers full-time jobs and higher base pay. However, it said QA workers at Raven were not eligible for pay bumps “due to legal obligations under the National Labor Relations Act.” At the time, Raven QA workers were working toward a union election. They voted to unionize in May. Contract negotiations between Activision Blizzard and the Game Workers Alliance (the Raven QA workers' union) are ongoing.

“Despite their best efforts, Activision’s constant attempts to undermine its workers’ and impede our union election have failed," CWA and the Game Workers Alliance told Engadget in a statement. "We’re glad the NLRB recognized that Activision acted illegally when they unequally enforced policies by withholding company-wide benefits and wage increase from Raven workers for organizing. We want the company to bargain a fair contract in good faith and to move past all of the cheap — and illegal — tricks they tried to pull to prevent us from forming our union."

"Due to legal obligations under the [National Labor Relations Act] requiring employers not to grant wage increases while an election was pending, we could not institute new pay initiatives at Raven because they would be brand new kinds of compensation changes, which had not been planned beforehand," Activision Blizzard spokesperson Rich George told The Washington Post. "This rule that employers should not grant these kinds of wage increases has been the law for many years.”

Former eBay execs get prison time in cyberstalking case involving Twitter threats and fetal pig deliveries

Two of the eBay executives who were charged for staging a cyberstalking campaign against the creators of the eCommerceBytes newsletter have been sentenced to prison. The Justice Department says that these execs, along with five other former eBay employees, worked together to intimidate David and Ina Steiner. They apparently hatched a scheme targeting the Steiners shortly after Ina published an article in their newsletter about a lawsuit eBay filed accusing Amazon of poaching its sellers. David said the people involved in their harassment made their lives "a living hell."

James Baugh, eBay's former senior director of safety and security, was sentenced to almost five years in prison and was ordered to pay a fine of $40,000. Meanwhile, David Harville, eBay's former Director of Global Resiliency and the last person in the case who pleaded guilty, got a two-year sentence and was ordered to pay a $20,000 fine. 

According to the DOJ, the group sent disturbing deliveries to the couple's home, including "a book on surviving the death of a spouse, a bloody pig mask, a fetal pig, a funeral wreath and live insects." They also sent the couple threatening Twitter messages and posted on Craigslist to invite the public to partake in sexual encounters at the victims' home. Authorities also said that Baugh, Harville and another eBay employee monitored the couple's home in person with the intention of attaching a GPS tracker to their car. 

Based on the case's court documents, David Wenig, who was eBay's CEO at the time, sent another top exec a message that said "If you are ever going to take her down ... now is the time" 30 minutes after Ina's post was published. In turn, that executive sent Wenig's message to Baugh, adding that Ina was a "biased troll who needs to get BURNED DOWN." As The Washington Post notes, Wenig was not charged in the case but is facing a civil lawsuit from the Steiners, who accused him of attempting to "intimidate, threaten to kill, torture, terrorize, stalk and silence them." He denied any knowledge of the harassment campaign. 

As for Baugh and Harville, both asked the Steiners for forgiveness, according to The Post. "I take 100% responsibility for this, and there is no excuse for what I have done. The bottom line is simply this: If I had done the right thing and been strong enough to make the right choice, we wouldn’t be here today, and for that I am truly sorry," Baugh said.

Amazon boosts wages for hourly workers across the US

Amazon has announced that it's spending nearly $1 billion boosting wages for hourly workers in the US amid criticism of its labor practices and a pitched union battle. The increase will take the starting wage for most front-line warehouse and transportation employees to over $19 per hour, while pay in fulfilment and elsewhere will rise to $16 an hour. The company's minimum wage will remain at $15 per hour.

Amazon is also expanding its "Anytime Pay" program to all employees, allowing them to access up to 70 percent of their eligible pay at any time with no fee, rather than the usual once or twice a month. It also added a new development program that allows employees to advance to engineering roles after 12-14 months of training. 

Amazon is the second largest employer in the US after Walmart, with a total workforce of over 1.5 million. Most of those are hourly workers in warehouses or delivery, or retail workers at Whole Foods and Amazon Fresh. The average hourly pay in the US is $32.36, according to the US Bureau of Labor Statistics, and $28.10 in the "transportation and warehousing" category.

In April this year, 8,000-plus workers at a Staten Island facility voted to unionize, and Amazon lost its initial appeal for a re-vote. It's also facing a House committee probe into a deadly warehouse collapse that killed six workers during a tornado. Last June, the panel accused Amazon of "obstructing" the probe by refusing to hand over key documents related to an internal review. 

Boeing to pay $200 million to settle charges over 'misleading' crash statements

Boeing has agreed to pay $200 million to settle charges from the Securities and Exchange Commission. The agency found that Boeing made "materially misleading public statements" related to crashes involving its 737 Max aircraft. The company's former CEO Dennis Muilenburg will also pay $1 million to settle charges. The SEC alleged that Boeing and Muilenburg violated the antifraud provisions of federal securities laws. They neither admitted to nor denied the agency's findings.

The SEC alleged that, after the first crash in October 2018, which caused the death of 189 people, Boeing and Muilenburg were aware that the anti-stall Maneuvering Characteristics Augmentation System (MCAS) posed an ongoing safety concern. However, the company told the public that the 737 Max was “as safe as any airplane that has ever flown the skies.” 

After a second crash in March 2019, in which 157 people died, the company and Muilenburg claimed "there were no slips or gaps in the certification process with respect to MCAS, despite being aware of contrary information," the SEC said in a statement. Following the crashes, all 737 Max planes were grounded for over 18 months.

"There are no words to describe the tragic loss of life brought about by these two airplane crashes," SEC Chair Gary Gensler said. "In times of crisis and tragedy, it is especially important that public companies and executives provide full, fair and truthful disclosures to the markets. The Boeing Company and its former CEO, Dennis Muilenburg, failed in this most basic obligation. They misled investors by providing assurances about the safety of the 737 Max, despite knowing about serious safety concerns."

The settlement "fully resolves the SEC’s previously disclosed inquiry into matters relating to the 737 Max accidents," Boeing told CNN. “Today’s settlement is part of the company’s broader effort to responsibly resolve outstanding legal matters related to the 737 Max accidents in a manner that serves the best interests of our shareholders, employees, and other stakeholders."

Boeing previously reached a $2.5 billion settlement with the Department of Justice to avoid criminal charges. Last year, a grand jury indicted Boeing's former chief technical pilot, Mark A. Forkner, on fraud charges. Forkner, the only Boeing employee who has faced a criminal indictment in relation to the crashes, was accused of deceiving the FAA's Aircraft Evaluation Group during evaluation and certification of the 737 Max. Following a four-day trial earlier this year, a jury found Forkner not guilty.

UK police arrest alleged ‘GTA VI’ hacker

Police in the UK have arrested a 17-year-old suspected hacker. Reports suggest the arrest is connected to the Rockstar Games hack that led to a major Grand Theft Auto VI leak. The individual may have been involved with an intrusion on Uber as well.

According to journalist Matthew Keys' sources, the arrest is the result of an investigation involving the City of London Police, the UK's National Cyber Crime Unit and the FBI. Keys noted that the police and/or the FBI will reveal more details about the arrest later today. The City of London Police told Engadget it had "no further information to share at this stage."

UPDATE: @CityPolice confirm 17-year-old arrested over hacking incident; source says the crime is related to intrusion on Rockstar Games and possibly Uber Technologies. https://t.co/lLHX2cpGfA $UBER

— Matthew Keys (@MatthewKeysLive) September 23, 2022

The GTA VI leak is unquestionably one of the biggest in video game history. Last weekend, the hacker shared a trove of footage from a test build of the game, which is one of the most hotly anticipated titles around. Rockstar, which tends to keep a tight lid on its development process, confirmed on Monday that the leak was legitimate. It said the incident won't impact work on the game and that it will "properly introduce" fans to the next title in the blockbuster series once it's ready.

Uber was also subject to a cybersecurity incident this month. The company said this week that the hacker in question didn't access user accounts but, as of Monday, it was still trying to determine the impact of the intrusion. Uber also noted reports suggesting that the same person or group might have been responsible for the Rockstar hack. In addition, it said the perpetrator may be connected to the Lapsus$ hacking group.

The 17-year-old was arrested in Oxfordshire, where one of the leaders of Lapsus$ is said to live. In March, BBC News reported that a 16-year-old from Oxford (who may have had a birthday since then) had been identified by researchers and hackers as having ties to the group. That same month, City of London Police arrested seven teenagers with alleged ties to Lapsus$, but it wasn't confirmed if the Oxford teen was among them. Lapsus$ has also targeted the likes of Microsoft, Okta and T-Mobile.

South Korean prosecutors ask Interpol for help in locating TerraUSD developer Do Kwon

Over the weekend, Terraform Labs' CEO and co-founder Do Kwon took to Twitter to say that he was not "on the run" or "anything similar." He made the statement after South Korean authorities issued an arrest warrant last week for him and five other people connected to Terraform Labs for violating the country's capital markets laws. But Korean prosecutors aren't convinced, especially since authorities in Singapore, where Kwon flew to back in April, said he was no longer in the country. Now, the Seoul Southern District Prosecutors' Office is asking Interpol to place him on the agency's red notice list and to revoke his passport, according to The Financial Times.

According to Interpol's website, a red notice entails seeking "the location and arrest of wanted persons wanted for prosecution or to serve a sentence" and is commonly issued for fugitives. As Yonhap News notes, Kwon flew to Singapore in late April around the time he dissolved his company's office in Korea. His family members and other key Terraform Labs personnel reportedly followed him to the city-state in May.

The executive and other Terraform Labs personnel are under investigation for financial fraud and tax evasion following the collapse of the company's stablecoins, TerraUSD and Luna. $40 billion of investor money was wiped out in the event. Investors who lost their life savings in the crash have filed complaints that accuse him of running a Ponzi scheme.

Prosecutors believe he left Korea to "evade investigation," seeing as Kwon also apparently told them through his lawyers that he didn't intend to appear before them for questioning. A spokesperson for the Seoul prosecutors' office told The Times that they're doing their best to locate and arrest him. "He is clearly on the run as his company’s key finance people also left for the same country during that time," they added. 

Kwon has yet to respond to the prosecutors enlisting Interpol for help in finding him. On Twitter, his location is still set to Singapore, and his latest tweets were still from the weekend, denying that he was trying to avoid being captured by law enforcement.

I am not “on the run” or anything similar - for any government agency that has shown interest to communicate, we are in full cooperation and we don’t have anything to hide

— Do Kwon 🌕 (@stablekwon) September 17, 2022

US authorities recover $30 million of hacked 'Axie Infinity' crypto funds

US authorities, with help from blockchain analyst Chainalysis, have recovered $30 million worth of cryptocurrency stolen from Axie Infinity in March. It's but a fraction of the $625 million the play-to-earn game lost to the North Korean-linked hacking unit known as the Lazarus Group, but it's a significant achievement for law enforcement and the crypto community. Chainalysis says this is the first time that cryptocurrency stolen by a North Korean hacking group has been seized.

As the analyst explains, North Korea-linked groups typically use Tornado Cash to mix Ether, but the sanctions the US imposed on the mixer forced them to employ alternative techniques. They now use blockchain bridges to switch between different kinds of digital coins in an effort to obscure the source of their funds, and the analyst had the tools necessary to trace those cross-chain movements.

Apparently, most of the funds stolen from Axie Infinity remain in the blockchain, showing that the bad actors are having a tough time moving stolen assets around and converting them into fiat currency. Chainalysis seems confident that this won't be the last time stolen funds would be recovered from these hacking groups.

According to Bleeping Computer, news about the fund retrieval was announced at the ongoing AxieCon event. The game's publishers have revealed that the money authorities recovered will be gradually moved into Axie Infinity's treasury and then back to its player community. However, it won't be a quick process, and it could take several years to accomplish.