Joe Sullivan | |
---|---|
Born | Joseph Edmund Sullivan 1968 (age 54–55) |
Alma mater | University of Miami School of Law (1993) |
Occupation(s) | Internet security expert, CSO at Cloudflare |
Years active | 1993 - present time |
Organisation(s) | National Cyber Security Alliance (2011-2016), National Action Alliance for Suicide Prevention (2012), Commission on Enhancing National Cybersecurity (2016) |
Known for | Chief Security Officer at Facebook (2010-2015) and Uber (2015-2017) |
Joe Sullivan (born in 1968) is an American Internet security expert. Having served as a federal prosecutor with the United States Department of Justice, he worked as a CSO at Facebook, Uber and Cloudflare. For his role in covering up the 2016 data breaches at Uber, he was convicted in October 2022 on federal felony charges of obstruction and misprision. [1] In January 2023, he took on the role of CEO of Ukraine Friends, a nonprofit focused on humanitarian aid to Ukraine.
Sullivan was born in 1968 in Rutland, Vermont. [2] [3] He grew up in Cambridge, Massachusetts. [4] Sullivan graduated from Matignon High School in 1986, earned his Bachelor of Arts degree at Providence College in 1990, and graduated from the University of Miami School of Law in 1993. [2]
After law school, Sullivan spent the first eight years of his career in the Department of Justice, having started as an intern at the DOJ Miami office in 1992 and then ultimately working at the San-Francisco office with Robert Mueller. [5] From 1997 to 1999, he served as Assistant United States Attorney at the District of Nevada in Las Vegas. [5]
From 2000 to 2002, Sullivan worked as Assistant US Attorney at the Northern District of California. [6] He was a founding member of the Computer Hacking and Intellectual Property unit at the Northern District of California. [7] In 2001 and 2002, together with Scott Frewing he represented the U.S. government in United States v. Elcom Ltd. case, the first prosecution in the U.S. under the Digital Millennium Copyright Act. [8] [9] Sullivan also worked on multiple cybercrime cases including digital evidence aspects of the 9/11 investigation, economic espionage and child predator cases. [10]
In April 2002, Sullivan joined eBay in as Senior Director of Trust and Safety. [11] [12] In a September 2006 United States congressional hearing, he described his duties as "overseeing company relations with law enforcement and regulatory agencies in the United States and Canada, directing the company's Fraud Investigations team and determining policies related to listing of items on eBay". [13] In 2003, he was criticized by Yuval Dror at the Haaretz newspaper for being willing to share eBay user's personal data with law-enforcement agencies potentially without proper legal framework. [14] [15] From 2006 to 2008 he was an Associate General Counsel at PayPal. [11] One of his top priorities was preventing phishing scams. [16]
In 2008, he started at Facebook first as an attorney, and next as its Chief Security Officer (2010-2015). [4] Sullivan assembled a security team to handle requests from law enforcement agencies globally and fight various types of cybercrime within the social network. [4] [7] He introduced a practice of security hackathons and bug bounty programs both internally and externally, encouraging coders to find vulnerabilities. [17] [18] His team was handling complicated and large-scale security issues such as an attempt to hack the accounts of Tunisian Facebook users in the 2011 "Arab Spring" during the Tunisian Revolution. [19] [20]
Sullivan also gained a reputation as an expert at fighting online bullying. He testified on this subject before Congress in 2010, [21] and was invited to the first White House Conference on Bullying Prevention in 2011. [22]
In Spring 2015, Sullivan joined Uber as its first CSO, at the time when the company was experiencing multiple safety and security issues. [23] [24] His primary focus was on safety of riders and drivers, both in the digital space and in the physical world. [25] As an example, he was involved in investigating the 2016 Kalamazoo shootings. [26]
In November 2017, Sullivan and Craig Clark, a senior lawyer at the company, were fired for allegedly covering up a major data breach in 2016 and paying hackers $100,000. [27] [28] Later in 2018, Reuters reported that the decision not to disclose the breach was made by the company's legal department. [29]
In May 2018, Sullivan joined Cloudflare as the company's first Chief Security Officer. [30] In December 2021, he was among the top Internet security experts who were exploring the Log4Shell vulnerability. [31]
Over the years, Sullivan has held several positions at government agencies and national organizations. From 2011 to 2016, he served as a commissioner at National Cyber Security Alliance, a non-profit organization that promotes cybersecurity and privacy education, [32] [33] where he ran a number of cyber security awareness initiatives. [34] [35] In 2012, he became a board member for the National Action Alliance for Suicide Prevention and co-authored the "2012 National Strategy for Suicide Prevention". [36]
In April 2016, President Obama appointed him as a commissioner on the Commission on Enhancing National Cybersecurity, a government body that was dissolved in December 2016 after releasing recommendations to the White House on how to address the nation's cybersecurity issues. [37]
In August 2020, the US Department of Justice announced criminal charges against Sullivan for obstruction of justice for his handling of the 2016 data breaches at Uber. The criminal complaint said Sullivan arranged, with CEO Travis Kalanick's knowledge, to pay a ransom for the breach as a "bug bounty" to conceal its true nature, and to falsify non-disclosure agreements with the hackers to say they had not obtained any data. [38] In December 2021, he faced additional charges of wire fraud. [39]
On October 6, 2022, Sullivan was convicted of one count of obstruction of justice, and one count of misprision of felony. [40] [41] He was sentenced to three years probation on May 4, 2023. [42] The trial of Sullivan represented the first United States federal prosecution of a corporate executive for the handling of a data breach. [43]
Computer security, cyber security, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.
A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access and control system attacks. There are numerous measures available to prevent cyberattacks.
The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.
Jeff Moss, also known as Dark Tangent, is an American hacker, computer and internet security expert who founded the Black Hat and DEF CON computer security conferences.
A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorized to do so. Other terms are unintentional information disclosure, data leak, information leakage and data spill. Incidents range from concerted attacks by individuals who hack for personal gain or malice, organized crime, political activists or national governments, to poorly configured system security or careless disposal of used computer equipment or data storage media. Leaked information can range from matters compromising national security, to information on actions which a government or official considers embarrassing and wants to conceal. A deliberate data breach by a person privy to the information, typically for political purposes, is more often described as a "leak".
F. William Conner is an American business executive. Conner has worked across a variety of high-tech industries, specializing in corporate turnaround, cybersecurity, data and infrastructure.
Palo Alto Networks, Inc. is an American multinational cybersecurity company with headquarters in Santa Clara, California. The core product is a platform that includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security. The company serves over 70,000 organizations in over 150 countries, including 85 of the Fortune 100. It is home to the Unit 42 threat research team and hosts the Ignite cybersecurity conference. It is a partner organization of the World Economic Forum.
Mandiant is an American cybersecurity firm and a subsidiary of Google. It rose to prominence in February 2013 when it released a report directly implicating China in cyber espionage. In December 2013, Mandiant was acquired by FireEye for $1 billion, who eventually sold the FireEye product line, name, and its employees to Symphony Technology Group for $1.2 billion in June 2021.
Lazarus Group is a cybercrime group made up of an unknown number of individuals run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them between 2010 and 2021. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and Zinc.
Vladislav Anatolievich Horohorin,, alias BadB, is a former hacker and international credit card trafficker who was convicted of wire fraud and served a seven-year prison sentence.
Election cybersecurity or election security refers to the protection of elections and voting infrastructure from cyberattack or cyber threat – including the tampering with or infiltration of voting machines and equipment, election office networks and practices, and voter registration databases.
Alex Stamos is a Greek American computer scientist and adjunct professor at Stanford University's Center for International Security and Cooperation. He is the former chief security officer (CSO) at Facebook. His planned departure from the company, following disagreement with other executives about how to address the Russian government's use of its platform to spread disinformation during the 2016 U.S. presidential election, was reported in March 2018.
The Cybersecurity and Infrastructure Security Agency (CISA) is a component of the United States Department of Homeland Security (DHS) responsible for cybersecurity and infrastructure protection across all levels of government, coordinating cybersecurity programs with U.S. states, and improving the government's cybersecurity protections against private and nation-state hackers.
Christopher Cox Krebs is an American attorney who served as Director of the Cybersecurity and Infrastructure Security Agency in the United States Department of Homeland Security from November 2018 until November 17, 2020, when President Donald Trump fired Krebs for contradicting Trump's claims of election fraud in the 2020 presidential election.
Eric Friedberg is an American lawyer and a former Assistant United States Attorney who specializes in the field of cybercrime, Intellectual Property and Securities Litigation practices
In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration in which the hackers had access. Within days of its discovery, at least 200 organizations around the world had been reported to be affected by the attack, and some of these may also have suffered data breaches. Affected organizations worldwide included NATO, the U.K. government, the European Parliament, Microsoft and others.
During the prelude to the 2022 Russian invasion of Ukraine and the 2022 Russian invasion of Ukraine, multiple cyberattacks against Ukraine were recorded, as well as some attacks on Russia. The first major cyberattack took place on 14 January 2022, and took down more than a dozen of Ukraine's government websites. According to Ukrainian officials, around 70 government websites, including the Ministry of Foreign Affairs, the Cabinet of Ministers, and the National and Defense Council (NSDC), were attacked. Most of the sites were restored within hours of the attack. On 15 February, another cyberattack took down multiple government and bank services.
ChongLuaDao is a Vietnamese non-profit cybersecurity organization that helps clients verify the legitimacy of websites and block access to dangerous ones to keep them safe while using the internet. This non-profit project was started by a group of Vietnamese computer security specialist, including Hieu Minh Ngo, a former hacker who is now a technical expert for the National Cyber Security Centre (NCSC), Le Phuoc Hoa, Nguyen Hoang Thang, and Nguyen Hung.