Skip to main content

Uber had a secret tool to shield data at remote offices from law enforcement: report

Uber had a secret tool to shield data at remote offices from law enforcement: report


‘Ripley’ could be used to lock down employee computers, laptops, and smartphones

Share this story

Photo by Smith Collection/Gado/Getty Images

Uber employees based in San Francisco could remotely lock down equipment in the company’s foreign offices to stymie local authorities from obtaining any incriminating data, according to a report in Bloomberg.

While many companies have remote “panic buttons” that shut off computers during police raids, Uber’s secret system stood out for the number of times it was employed. The secret tool, called “Ripley” after Sigourney Weaver’s hero from the Alien franchise, was used over two dozen times to thwart potentially valid information-gathering efforts by local officers, sources with knowledge told Bloomberg.

Named after Sigourney Weaver’s hero from the ‘Alien’ franchise

One such instance occurred in Montreal in May 2015. As described by Bloomberg, around 10 investigators from the provincial tax authority stormed Uber’s office with a warrant to search for evidence pertaining to an alleged tax violation. Employees remotely tipped off a special team at the company’s headquarters in San Francisco, who then used this tool to remotely log off every computer in the Montreal office, in effect blocking the authorities from obtaining the records they sought, according to Bloomberg. The investigators left empty handed.

(Last year, Uber threatened to leave Quebec after the government proposed new regulations that would require drivers to undergo 35 hours of training and have criminal background checks done by a police force, but the company later backed down.)

It may not technically amount to obstruction of justice, since the definition of obstruction tends to shift from country to country, but it certainly doesn’t make Uber look good. According to Bloomberg:

The Uber HQ team overseeing Ripley could remotely change passwords and otherwise lock up data on company-owned smartphones, laptops, and desktops as well as shut down the devices. This routine was initially called the unexpected visitor protocol. Employees aware of its existence eventually took to calling it Ripley, after Sigourney Weaver’s flamethrower-wielding hero in the Alien movies. The nickname was inspired by a Ripley line in Aliens, after the acid-blooded extraterrestrials easily best a squad of ground troops. “Nuke the entire site from orbit. It’s the only way to be sure.”

Ripley now joins the rogues’ gallery of Uber’s other sketchy, codenamed software tools, including “Hell,” “Greyball,” “God View,” “Firehouse,” and “Surfcam.” The company is being probed by the US Justice Department for at least five alleged schemes. But because of the multi-jurisdictional nature of this program, it’s unclear whether law enforcement authorities will investigate Ripley as well.

Update January 11th, 11:51am ET: An Uber spokesperson provided the following comment: “Like every company with offices around the world, we have security procedures in place to protect corporate and customer data. For instance, if an employee loses their laptop, we have the ability to remotely log them out of Uber’s systems to prevent someone else from accessing private user data through that laptop. When it comes to government investigations, it’s our policy to cooperate with all valid searches and requests for data.”

Update January 11th, 3:25pm ET: The hits keep coming. After the Bloomberg story was published, a new report detailing secret tools used by Uber to thwart investigators hit TechCrunch. This one is called uLocker, and it utilized by Uber to “ransomware” its own data to make it inaccessible to investigators.

According to the story:

The source said uLocker was being written in-house by Uber’s [engineering-security] and Marketplace Analytics divisions (the latter being the unit previously reported to be focused on gathering intelligence from competitors).

The same source told us that Uber had another program intended to orchestrate the physical destruction of end-point workstations in the event of a raid by law enforcement — again as a strategy to render company data inaccessible to external investigators.

An Uber spokesperson confirmed the existence of uLocker to TC, but denied its use as a cryptolocker to ransomware Uber’s data. “There’s only ever been one version of uLocker,” the spokesperson told TC. “There were earlier conversations about what it should include — but there’s only ever been one version of it. And all it does is the locking and encryption.”

The spokesperson also said she wasn’t aware of any program that could physically destroy Uber’s computers remotely in the event of a raid, citing current company protocol regarding investigations that states, “Do NOT delete, destroy, conceal any document or data”.