What simply occurred? Nickolas Sharp, a former Ubiquiti worker who oversaw the corporate’s cloud staff confessed of stealing gigabytes of personal information from the corporate’s community beneath the guise of an nameless hacker and a whistleblower. Sharp, a 36-year-old software program engineer from Portland, Oregon, is charged with stealing gigabytes of delicate information from Ubiquiti’s GitHub repositories and AWS servers in December 2020.
Sharp pled responsible to 3 prices: making false statements to the FBI, wire fraud, and intentionally transmitting a trojan horse to a protected laptop. The utmost punishment for every of those offenses is 35 years in jail.
Ubiquiti reported a safety incident in January 2021 following the information theft incident. Sharp, whereas pretending to be an nameless hacker, sought to extort the corporate. The ransom notice demanded 50 bitcoin, which, on the time, was equal to roughly $1.9 million, in trade for recovering the information and disclosing the community weak point that had allowed the hack. Nevertheless, as a substitute of paying the ransom, Ubiquiti selected to replace the login info for each worker. Moreover, the enterprise discovered and eradicated a second backdoor in its programs, earlier than reporting a safety breach on December 11.
“Nickolas Sharp’s firm entrusted him with confidential info that he exploited and held for ransom,” mentioned U.S. Legal professional Damian Williams.
“Including insult to harm, when Sharp wasn’t given his ransom calls for, he retaliated by inflicting false information tales to be printed in regards to the firm, which resulted in his firm’s market capitalization plummeting by over $4 billion.”
Sharp used his cloud administrator credentials to clone tons of of repositories over SSH and steal non-public information from Ubiquiti’s AWS infrastructure (on December 10, 2020) and GitHub repositories (on December 21 and 22).
He tried to hide his residence IP handle whereas gathering the information utilizing the Surfshark VPN service, however his location was found following a quick Web outage. Moreover, he additionally altered the log retention guidelines on Ubiquiti’s servers and different information that will have revealed his id throughout the inquiry.
The FBI searched the residence of Nicholas Sharp on March 24, 2021, and seized his digital tools. When interrogated, he gave FBI officers a number of false statements, together with, that he was not the perpetrator and had by no means used that VPN earlier than. Data demonstrating that Sharp bought the Surfshark VPN service in July 2020, about six months earlier than the incident, brought about him to make the fraudulent allegation another person will need to have accessed his PayPal account to finish the transaction.
Sharp, pretending to be a whistleblower, accused Ubiquiti of downplaying the breach in a media interview after the extortion try failed. After he challenged Ubiquiti’s assertion and claimed that the incident’s affect was vital, the corporate acknowledged on April 1 that it was the goal of an extortion try following the January hack with no indication that person accounts have been affected.
He additional asserted that Ubiquiti lacked a logging mechanism that will have prohibited them from figuring out whether or not the “attacker” had accessed any programs or information. His assertions, nevertheless, are in line with info from the Justice Division that he tampered with the corporate’s logging programs.