What just happened? Nickolas Sharp, a former Ubiquiti employee who oversaw the company’s cloud team, has admitted to stealing gigabytes of private data from the company’s network while posing as an anonymous hacker and a whistleblower. Sharp, a 36-year-old software engineer from Portland, Oregon, is charged with stealing gigabytes of sensitive data from Ubiquiti’s GitHub repositories and AWS servers in December 2020.

Sharp pleaded guilty to three charges: making false statements to the FBI, wire fraud, and intentionally transmitting a bug to a protected computer. The maximum punishment for these offenses is 35 years in prison.

Ubiquiti reported a security incident in January 2021 following the data theft. Sharp, while posing as an anonymous hacker, sought to extort the company. The ransom note demanded 50 bitcoin, which at the time was equivalent to roughly $1.9 million, in exchange for returning the data and disclosing the network vulnerability that had allowed the hack. However, instead of paying the ransom, Ubiquiti chose to change the login credentials of every employee. The company also found and removed a second backdoor in its systems before reporting a security breach on December 11.

“Nickolas Sharp’s company entrusted him with confidential information that he exploited and held for ransom,” said U.S. Attorney Damian Williams.

“Adding insult to injury, when Sharp wasn’t given his ransom demands, he retaliated by causing false news stories to be published about the company, which resulted in his company’s market capitalization plummeting by over $4 billion.”

Sharp used his cloud administrator credentials to clone hundreds of repositories over SSH and steal private data from Ubiquiti’s AWS infrastructure (on December 10, 2020) and GitHub repositories (on December 21 and 22).

He tried to hide his home IP address while collecting the data by using the Surfshark VPN service, but his location was exposed following a brief Internet outage. He also altered the log retention policies on Ubiquiti’s servers, along with other files that could have revealed his identity during the investigation.
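The signals described above (bulk cloning by one account, a second source address appearing briefly, and a log retention change by the same account) can be correlated from audit events. The following is an added example, not from the original article or from Ubiquiti; the event fields, the action names `git.clone` and `log.retention.update`, and all sample values are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed events (not real logs): (time, actor, action, target, source_ip)."""
    start = datetime(2024, 1, 1, 2, 0, 0)
    events = []
    for i in range(120):
        # 203.0.113.10 stands in for a VPN exit; 198.51.100.7 appears only briefly.
        ip = "198.51.100.7" if i in (60, 61) else "203.0.113.10"
        events.append((start + timedelta(seconds=20 * i), "cloud-admin",
                       "git.clone", f"repo-{i:03d}", ip))
    events.append((start - timedelta(minutes=5), "cloud-admin",
                   "log.retention.update", "audit-logs", "203.0.113.10"))
    events.append((start, "dev-1", "git.clone", "repo-001", "192.0.2.44"))
    return events

def review(events, window=timedelta(hours=1), clone_threshold=50):
    """Report actors whose distinct-repo clone count within `window` reaches the threshold."""
    by_actor = defaultdict(list)
    for ev in sorted(events):
        by_actor[ev[1]].append(ev)
    findings = {}
    for actor, evs in by_actor.items():
        clones = [e for e in evs if e[2] == "git.clone"]
        best, lo = 0, 0
        for hi in range(len(clones)):
            # Slide the window start forward until it spans at most `window`.
            while clones[hi][0] - clones[lo][0] > window:
                lo += 1
            best = max(best, len({c[3] for c in clones[lo:hi + 1]}))
        if best < clone_threshold:
            continue
        ips = Counter(c[4] for c in clones)
        main_ip = ips.most_common(1)[0][0]
        findings[actor] = {
            "max_repos_in_window": best,
            # Addresses other than the dominant one: candidates for a dropped tunnel.
            "minority_ips": sorted(ip for ip in ips if ip != main_ip),
            # Retention changes by the same actor deserve review alongside the clones.
            "retention_changes": [e[3] for e in evs if e[2] == "log.retention.update"],
        }
    return findings

if __name__ == "__main__":
    for actor, detail in review(build_sample()).items():
        print(actor, detail)
```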

The FBI searched the residence of Nickolas Sharp on March 24, 2021, and seized his electronic devices. When questioned, he made several false statements to FBI agents, including that he was not the perpetrator and had never used that VPN before. When confronted with records showing that he had purchased the Surfshark VPN service in July 2020, about six months before the incident, he falsely claimed that someone else must have accessed his PayPal account to complete the transaction.

Sharp, posing as a whistleblower, accused Ubiquiti of downplaying the breach in a media interview after the extortion attempt failed. After he disputed Ubiquiti’s statement and claimed that the incident’s impact was significant, the company acknowledged on April 1 that it had been the target of an extortion attempt following the January hack, with no indication that user accounts had been affected.

He further claimed that Ubiquiti lacked a logging system, which would have prevented the company from determining whether the “attacker” had accessed any systems or data. His assertions, however, are consistent with information from the Justice Department that he tampered with the company’s logging systems.
