Former Ubiquiti Employee Charged with Data Theft
The Former Developer Was Charged for Trying to Extort Ubiquity.
Ubiquiti Inc. is a technology company based in San Jose, California created in 2003. Having its headquarters in New York City, Ubiquiti produces and distributes wireless data transmission and wired equipment for businesses and residences under a variety of brand names.
Nickolas Sharp was recently arrested and charged with data theft and extortion while acting as a whistleblower and anonymous hacker.
As alleged, Nickolas Sharp exploited his access as a trusted insider to steal gigabytes of confidential data from his employer, then, posing as an anonymous hacker, sent the company a nearly $2 million ransom demand.
As further alleged, after the FBI searched his home in connection with the theft, Sharp, now posing as an anonymous company whistleblower, planted damaging news stories falsely claiming the theft had been by a hacker enabled by a vulnerability in the company’s computer systems.
As reported by BleepingComputer, Sharp stole terabytes of secret data from Ubiquiti’s AWS (on December 10, 2020) and GitHub (on December 21 and 22, 2020) infrastructures using his cloud administrator credentials, cloning hundreds of GitHub projects through SSH, according to the indictment.
The defendant attempted to conceal his home IP address by using Surfshark’s VPN services, but his true location was revealed during a brief Internet interruption.
It is also important to note that Sharp also changed log retention policies and other files to conceal his malicious behavior, which would have revealed his identity during the ensuing incident inquiry.
Among other things, SHARP applied one-day lifecycle retention policies to certain logs on AWS which would have the effect of deleting certain evidence of the intruder’s activity within one day.
Sharp shared the information with the media when his extortion tactics failed, posing as a whistleblower and accusing the corporation of downplaying the event.
This prompted Ubiquiti’s stock price to decrease about 20%, from $349 on March 30 to $290 on April 1, resulting in a market value loss of more than $4 billion.
Damian Williams, the United States Attorney for the Southern District of New York, and Michael J. Driscoll, Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (“FBI”), announced the arrest today of NICKOLAS SHARP for secretly stealing gigabytes of confidential files from a New York-based technology company where he was employed (“Company‑1”), and then, while purportedly working to remediate the security breach, extorting the company for nearly $2 million for the return of the files and the identification of a remaining purported vulnerability. SHARP subsequently re-victimized his employer by causing the publication of misleading news articles about the company’s handling of the breach that he perpetrated, which were followed by a significant drop in the company’s share price associated with the loss of billions of dollars in its market capitalization.
SHARP was arrested earlier today in the District of Oregon and will be presented this afternoon before U.S. Magistrate Judge John V. Acosta. The case was assigned to U.S. District Judge Katherine Polk Failla.
The former employee is accused with four charges and, if convicted, faces a maximum sentence of 37 years in jail.