Extortion charges leveled against the Ubiquiti developer who caused the 2020 “breach”

Extortion charges leveled against the Ubiquiti developer who caused the 2020 "breach"

Federal prosecutors say Nickolas Sharp, a senior developer at Ubiquiti, actually caused the “breach” that forced Ubiquiti to disclose a cybersecurity incident in January. They allege that in late December 2020, Sharp applied for a job at another technology company, and then abused his privileged access to Ubiquiti’s systems at Amazon’s AWS cloud service and the company’s GitHub accounts to download large amounts of proprietary data.

Ubiquiti Inc. [NYSE:UI] revealed in January 2021 that user account details had been exposed due to a breach at a third-party cloud provider. In March, a Ubiquiti employee warned that the business had greatly exaggerated the magnitude of the event and that the third-party cloud provider allegation was false. A former Ubiquiti developer was arrested on Wednesday and accused with stealing data and attempting to extort his company by posing as a whistleblower.

Sharp’s indictment doesn’t specify how much data he allegedly downloaded, but it says some of the downloads took hours, and that he cloned approximately 155 Ubiquiti data repositories via multiple downloads over nearly two weeks.

On Dec. 28, other Ubiquiti employees spotted the unusual downloads, which had leveraged internal company credentials and a Surfshark VPN connection to hide the downloader’s true Internet address. Assuming an external attacker had breached its security, Ubiquiti quickly launched an investigation.

But Sharp was a member of the team doing the forensic investigation, the indictment alleges.

“At the time the defendant was part of a team working to assess the scope and damage caused by the incident and remediate its effects, all while concealing his role in committing the incident,” wrote prosecutors with the Southern District of New York.

According to the indictment, on January 7 a senior Ubiquiti employee received a ransom email. The message was sent through an IP address associated with the same Surfshark VPN. The ransom message warned that internal Ubiquiti data had been stolen, and that the information would not be used or published online as long as Ubiquiti agreed to pay 25 Bitcoin.

The ransom email also offered to identify a purportedly still unblocked “backdoor” used by the attacker for the sum of another 25 Bitcoin (the total amount requested was equivalent to approximately $1.9 million at the time). Ubiquiti did not pay the ransom demands.

Investigators say they were able to tie the downloads to Sharp and his work-issued laptop because his Internet connection briefly failed on several occasions while he was downloading the Ubiquiti data. Those outages were enough to prevent Sharp’s Surfshark VPN connection from functioning properly — thus exposing his Internet address as the source of the downloads. When FBI agents raided Sharp’s residence on Mar. 24, he reportedly maintained his innocence and told agents someone else must have used his Paypal account to purchase the Surfshark VPN subscription.

Several days after the FBI executed its search warrant, Sharp “caused false or misleading news stories to be published about the incident,” prosecutors say. Among the claims made in those news stories was that Ubiquiti had neglected to keep access logs that would allow the company to understand the full scope of the intrusion. In reality, the indictment alleges, Sharp had shortened to one day the amount of time Ubiquiti’s systems kept certain logs of user activity in AWS. Following the publication of these articles, between Tuesday, March 30, 2021 and Wednesday March 31, [Ubiquiti’s] stock price fell approximately 20 percent, losing over four billion dollars in market capitalization,” the indictment states.

Sharp faces four criminal counts, including wire fraud, intentionally damaging protected computers, transmission of interstate communications with intent to extort, and making false statements to the FBI.

The News Highlights

  • Extortion charges leveled against the Ubiquiti developer who caused the 2020 “breach”
  • Check the latest update on Security news
  • .

Disclaimer: If you need to edit or update this news from compsmag then kindly contact us Learn more

For Latest News Follow us on Google News


Latest Headlines
  • Show all
  • Trending News
  • Popular By week
US seeks way to speed up delivery of new fighter jets to Taiwan
US seeks way to speed up delivery of new fighter jets to Taiwan
More missions mean more wear-and-tear on Taiwan’s aircraft. “It’s all about risk assessment … and it’s clear where the risks are,” the Taiwanese official ...
UK shoppers cut spending in December after previous Christmas spree, Omicron
UK retail sales sink as Omicron keeps consumers at home
While restrictions to control its spread have since been lifted, there are concerns higher inflation, interest rates and taxes will squeeze consumer incomes ...
NFT avatars can only be set in the iOS app and verified Twitter NFT profile images will appear in a hexagonal shape
NFT avatars can only be set in the iOS app and verified Twitter NFT profile images will appear in a hexagonal shape
It was only a matter of time before Twitter jumped on the crypto train with ways to verify your purchased NFT profile picture, and the social media platform ...
The Fed may end up needing to actually sell some of its bonds
Great-Tech Earnings jitters mount as pandemic darlings are damaged
More than $1.7 trillion in value has been erased from the Nasdaq 100 in January, with the tech-heavy gauge entering a correction this week after falling more ...
Biden administration launches hotline to request Covid tests
Biden administration launches hotline to request Covid tests
April was born and raised in San Diego where she loved the beach town and her two dogs, Lexi and Malibu. She decided to trade the beach for the snow and ...
Tuscaloosa County will receive money for emergency food and shelter program
Tuscaloosa County will receive money for emergency food and shelter program
• The Salvation Army • The Jewish Federations of North America • United Way Worldwide • Catholic Charities USA • The American Red Cross • National Council of ...
Bitcoin's correlation with Tech Strengthens as the appetite for danger returns
Bitcoin’s correlation with Tech Strengthens as the appetite for danger returns
The 100-day correlation coefficient of the coin and the Nasdaq 100 Index rose above 0.40, among the highest such readings going back to 2011. A coefficient ...
The UDAN Regional Connectivity Scheme is presented in an aircraft-shaped frame, according to the Ministry of Civil Aviation
The UDAN Regional Connectivity Scheme is presented in an aircraft-shaped frame, according to the Ministry of Civil Aviation
The middle portion showcases the Buddha circuit, featuring, Buddha Statue at Gaya where He attained enlightenment, Dhamekh Stupa, Sarnath where he delivered ...
Verizon and T-Mobile compete in a 5G network test in New York, with new C-band release crashing into Sprint's airwaves
Verizon and T-Mobile compete in a 5G network test in New York, with new C-band release crashing into Sprint’s airwaves
One storied network analyst, Sascha Segan from PCMag, has managed to test the new C-band efforts of Verizon in New York, and came away unimpressed when ...
Smoking ceremony supports Sanford, community amid pandemic
Smoking ceremony supports Sanford, community amid pandemic
Now, St. John is back living on his own in an apartment in Chamberlain. He’s grateful to be alive, thanks in large part to his Sanford family, he said. In that ...
Show next
We will be happy to hear your thoughts

Leave a reply

Compsmag - Latest News In Tech and Business
Logo