Uber Used Secret Spyware To Try To Crush Australian Startup GoCatch

Uber used a secret spyware program, codenamed Surfcam, to steal drivers from an Australian competitor with the aim of putting that company out of business. The startup was backed by high-profile investors including billionaire James Packer and hedge fund manager Alex Turnbull. ABC News reports: GoCatch was a major competitor to Uber when the U.S. company launched in Australia in 2012. At the time, both companies were offering a new way to book taxis and hire cars using a smartphone app. Surfcam was developed in Uber Australia's head office in Sydney in 2015. A former senior Uber employee has told Four Corners that the idea behind the use of the Surfcam spyware was to starve GoCatch of drivers.

"Surfcam when used in Australia was able to put fledgling Australian competitors onto the ropes," the former employee with direct knowledge of the program said on the condition of anonymity. "Surfcam allowed Uber Australia to see in real time all of the competitor cars online and to scrape data such as the driver's name, car registration, and so on." It allowed Uber to directly approach the GoCatch drivers and lure them to work for Uber. "GoCatch would lose customers due to poaching of its drivers draining their supply. With fewer and fewer drivers, GoCatch would eventually fold," the former Uber employee said. GoCatch's co-founder and chief executive, Andrew Campbell, said Uber's tactics damaged the company. He said: "The fact that Uber used hacking technologies to steal our data and our drivers is appalling. It had a massive impact on our business. It sets a really dangerous precedent for the Australian economy and Australian businesses as well. It tells every multinational company to come to Australia and follow the same practice. As an Australian small business, a technology start-up business based in Australia that's improving efficiency and service levels in the taxi industry, to have a company come to Australia and get away with that type of behavior is ... it's disgusting."

A senior Uber source has confirmed the existence of Surfcam, saying it was developed by a staff member in the Sydney head office who modified off-the-shelf data scraping software. "They said the Sydney employee did it under his own authority, and that once Uber discovered this, they requested he stop," the report says.

Corporate Espionage?

[Sebby]

I don’t know what the laws are like in Australia, but this seems to me like a clear case of it.

Re:Two wrongs there

I would guess for safety and usability. If everyone can see where your taxi is, it's harder for a driver to kidnap you. Tracking driver location is required for calculating routes, cost, and determining which to route to which pickup request. Allowing the passengers access to that information allows the to glance at their local area and estimate the chances and time frame for a pickup. In terms of passenger safety, it also helps prove the person claiming to be there to pick you up is actually the car you're supposed to get in is not someone trying to kidnap or scam you. It seems believable that the data is available on a website interface or though watching the network traffic of an app. The API could block someone when it sees them requesting everything, but with cloud computing or the resources of a business, it's trivial to send the requests from thousands of different computers. Even if it wasn't a public API, it would be easy to bribe one of the drivers to give them a copy of their tracking device/api or bribe a developer of the company. Uber has no problems using such tactics.

Even in USA, I've been the target of taxi scams where a driver claims to be the one you pre-paid for then demands payment to leave the vehicle when you realize it's not the right person. I was told by the correct driver that it isn't too rare though not too common either. It happens, so verify someone trying to pick you up by directly calling them before getting into the car. If you end up talking over the phone to the person in front of you, good. If not, pretend you called a family member because you forgot something then leave that area immanently to go on this forgotten quest.

If you use Uber, fuck you for supporting such a criminal organization.

That is not how you design that system

[SuperKendall]

I would guess for safety and usability. If everyone can see where your taxi is, it's harder for a driver to kidnap you.

You can have that without giving away the whole store. How can you claim a system is designed to be "Safe" when it somehow reveals personal details enough about a driver for Uber to find them and try to hire them? What is to stop a stalker from finding female drivers and doing whatever they like to them...

I am jus saying the company had a responsibility to the drivers that it sounds like they shirked, if Uber had enough data to find drivers that a very bad sign for how well the company protected data. Who is to say they were not equally lax in protecting client data too...

How is everyone OK with this? We must wake up and punish companies anywhere that leak personal data, for either employees or customers. It is way past time we stopped letting this kind of no-security bullshit slide, even (especially?) if the information is used against that company.

Seriously, how can you support the lax security policies of this company as being OK?