Slashdot Mirror
Uber Used Secret Spyware To Try To Crush Australian Startup GoCatch (abc.net.au)
Uber used a secret spyware program, codenamed Surfcam, to steal drivers from an Australian competitor with the aim of putting that company out of business. The startup was backed by high-profile investors including billionaire James Packer and hedge fund manager Alex Turnbull. ABC News reports: GoCatch was a major competitor to Uber when the U.S. company launched in Australia in 2012. At the time, both companies were offering a new way to book taxis and hire cars using a smartphone app. Surfcam was developed in Uber Australia's head office in Sydney in 2015. A former senior Uber employee has told Four Corners that the idea behind the use of the Surfcam spyware was to starve GoCatch of drivers.
"Surfcam when used in Australia was able to put fledgling Australian competitors onto the ropes," the former employee with direct knowledge of the program said on the condition of anonymity. "Surfcam allowed Uber Australia to see in real time all of the competitor cars online and to scrape data such as the driver's name, car registration, and so on." It allowed Uber to directly approach the GoCatch drivers and lure them to work for Uber. "GoCatch would lose customers due to poaching of its drivers draining their supply. With fewer and fewer drivers, GoCatch would eventually fold," the former Uber employee said. GoCatch's co-founder and chief executive, Andrew Campbell, said Uber's tactics damaged the company. He said: "The fact that Uber used hacking technologies to steal our data and our drivers is appalling. It had a massive impact on our business. It sets a really dangerous precedent for the Australian economy and Australian businesses as well. It tells every multinational company to come to Australia and follow the same practice. As an Australian small business, a technology start-up business based in Australia that's improving efficiency and service levels in the taxi industry, to have a company come to Australia and get away with that type of behavior is ... it's disgusting."
A senior Uber source has confirmed the existence of Surfcam, saying it was developed by a staff member in the Sydney head office who modified off-the-shelf data scraping software. "They said the Sydney employee did it under his own authority, and that once Uber discovered this, they requested he stop," the report says.
"Surfcam when used in Australia was able to put fledgling Australian competitors onto the ropes," the former employee with direct knowledge of the program said on the condition of anonymity. "Surfcam allowed Uber Australia to see in real time all of the competitor cars online and to scrape data such as the driver's name, car registration, and so on." It allowed Uber to directly approach the GoCatch drivers and lure them to work for Uber. "GoCatch would lose customers due to poaching of its drivers draining their supply. With fewer and fewer drivers, GoCatch would eventually fold," the former Uber employee said. GoCatch's co-founder and chief executive, Andrew Campbell, said Uber's tactics damaged the company. He said: "The fact that Uber used hacking technologies to steal our data and our drivers is appalling. It had a massive impact on our business. It sets a really dangerous precedent for the Australian economy and Australian businesses as well. It tells every multinational company to come to Australia and follow the same practice. As an Australian small business, a technology start-up business based in Australia that's improving efficiency and service levels in the taxi industry, to have a company come to Australia and get away with that type of behavior is ... it's disgusting."
A senior Uber source has confirmed the existence of Surfcam, saying it was developed by a staff member in the Sydney head office who modified off-the-shelf data scraping software. "They said the Sydney employee did it under his own authority, and that once Uber discovered this, they requested he stop," the report says.
What Uber did was abhorrent for sure.
However, WHY did that other company have all of these details of drivers that could be scraped? I feel like they had an API that could be arbitrarily queried for cars on the road that gave out way too much information.
Server API designers seem to never consider the importance of what they send, and how to protect the contents of what is being sent from a user that can easily install certificates or man in the middle attacks to inspect all traffic. How do you not expect competitors are trying to look at this information? Even if it were not officially sanctioned you know some software engineer at Uber would have been trying to see hit competitive apps did just to understand how other people made systems work...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Seriously, Uber is the Facebook of the ridesharing world.
AC comments get piped to
No. That would take forever and your call history would wind up full of those stupid disposable temporary numbers.
For both Uber and Lyft, do this:
If you are a passenger, open the door or look through the window and say "What's your name?"
Your driver's name is right there on the app. With their picture. And I know the picture's not always great, but it's good enough to verify you have the right driver. And they will say their name.
Drivers should do the same thing, although almost none of mine ever do. "What's the name on the account?"
Allowing an incorrect passenger in your car is a surefire way to get cheated, and maybe robbed/raped/kidnapped/murdered as well.
For both passengers and drivers, do not ask them to confirm their name: "Are you So-and-so?" Make them provide it: "What's your name/name on the account?"
It's too easy for an opportunistic scammer to just go "Yep, that's me."