Security

Former Ubiquiti Dev Charged For Trying To Extort His Employer (bleepingcomputer.com) 20

Long-time Slashdot reader tinskip shares a report from BleepingComputer: Nickolas Sharp, a former employee of networking device maker Ubiquiti, was arrested and charged today with data theft and attempting to extort his employer while posing as a whistleblower and an anonymous hacker. "As alleged, Nickolas Sharp exploited his access as a trusted insider to steal gigabytes of confidential data from his employer, then, posing as an anonymous hacker, sent the company a nearly $2 million ransom demand," U.S. Attorney Damian Williams said today. "As further alleged, after the FBI searched his home in connection with the theft, Sharp, now posing as an anonymous company whistleblower, planted damaging news stories falsely claiming the theft had been by a hacker enabled by a vulnerability in the company's computer systems."

According to the indictment (PDF), Sharp stole gigabytes of confidential data from Ubiquiti's AWS (on December 10, 2020) and GitHub (on December 21 and 22, 2020) infrastructure using his cloud administrator credentials, cloning hundreds of GitHub repositories over SSH. Throughout this process, the defendant tried hiding his home IP address using Surfshark's VPN services. However, his actual location was exposed after a temporary Internet outage. To hide his malicious activity, Sharp also altered log retention policies and other files that would have exposed his identity during the subsequent incident investigation. "Among other things, SHARP applied one-day lifecycle retention policies to certain logs on AWS which would have the effect of deleting certain evidence of the intruder's activity within one day," the court documents read.

After Ubiquiti disclosed a security incident in January following Sharp's data theft, while working to assess the scope and remediate the security breach effects he also tried extorting the company (posing as an anonymous hacker). His ransom note demanded almost $2 million in exchange for returning the stolen files and the identification of a remaining vulnerability. The company refused to pay the ransom and, instead, found and removed a second backdoor from its systems, changed all employee credentials, and issued the January 11 security breach notification. After his extortion attempts failed, Sharp shared information with the media while pretending to be a whistleblower and accusing the company of downplaying the incident. This caused Ubiquiti's stock price to fall by roughly 20%, from $349 on March 30 to $290 on April 1, amounting to losses of over $4 billion in market capitalization.
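The retention change the indictment describes is itself an audit event that defenders can alert on. The following is an added example, not part of the original story or the court documents: a Python check over CloudTrail-style records that flags S3 lifecycle or CloudWatch Logs retention settings below an assumed 30-day floor. The sample events, account names, addresses and the exact record layout are constructed assumptions.

```python
MIN_DAYS = 30  # assumed retention floor; set to your own policy

def _expiry_days(params):
    """Expiration days of every enabled S3 lifecycle rule (Rule may be a dict or a list)."""
    rules = (params.get("LifecycleConfiguration") or {}).get("Rule") or []
    rules = rules if isinstance(rules, list) else [rules]
    return [(r.get("Expiration") or {}).get("Days") for r in rules
            if r.get("Status") == "Enabled"]

def short_retention_findings(events, min_days=MIN_DAYS):
    """Return one finding per event that sets retention below min_days."""
    findings = []
    for ev in events:
        params = ev.get("requestParameters") or {}
        if ev.get("eventName") == "PutRetentionPolicy":     # CloudWatch Logs group
            target, days = params.get("logGroupName"), [params.get("retentionInDays")]
        elif ev.get("eventName") == "PutBucketLifecycle":   # S3 bucket lifecycle
            target, days = params.get("bucketName"), _expiry_days(params)
        else:
            continue
        days = [int(d) for d in days if d is not None]
        if days and min(days) < min_days:
            findings.append({"event": ev["eventName"], "target": target,
                             "days": min(days),
                             "actor": (ev.get("userIdentity") or {}).get("arn"),
                             "source_ip": ev.get("sourceIPAddress")})
    return findings

# Constructed sample records (not from the case); the field layout is an assumption.
ADMIN = {"arn": "arn:aws:iam::111122223333:user/example-admin"}
OPS = {"arn": "arn:aws:iam::111122223333:role/example-ops"}
SAMPLE_EVENTS = [
    {"eventName": "PutBucketLifecycle", "sourceIPAddress": "203.0.113.7", "userIdentity": ADMIN,
     "requestParameters": {"bucketName": "example-cloudtrail-logs", "LifecycleConfiguration":
         {"Rule": {"Status": "Enabled", "Expiration": {"Days": 1}}}}},
    {"eventName": "PutRetentionPolicy", "sourceIPAddress": "203.0.113.7", "userIdentity": ADMIN,
     "requestParameters": {"logGroupName": "/example/app", "retentionInDays": 1}},
    {"eventName": "PutRetentionPolicy", "sourceIPAddress": "198.51.100.4", "userIdentity": OPS,
     "requestParameters": {"logGroupName": "/example/batch", "retentionInDays": 365}},
    {"eventName": "PutBucketLifecycle", "sourceIPAddress": "198.51.100.4", "userIdentity": OPS,
     "requestParameters": {"bucketName": "example-archive", "LifecycleConfiguration":
         {"Rule": [{"Status": "Enabled", "Expiration": {"Days": 400}},
                   {"Status": "Disabled", "Expiration": {"Days": 1}}]}}},
]

if __name__ == "__main__":
    for finding in short_retention_findings(SAMPLE_EVENTS):
        print(finding)
```

An alert like this only helps if the audit trail is delivered somewhere the administrator being audited cannot rewrite, such as a separate logging account.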

  • by bubblyceiling ( 7940768 ) on Thursday December 02, 2021 @09:19PM (#62042113)
    He could have made a lot more than his $2 Million Ransom Demand
  • Bullshit numbers (Score:5, Informative)

    by Rosco P. Coltrane ( 209368 ) on Thursday December 02, 2021 @09:34PM (#62042139)

    losses of over $4 billion in market capitalization

    I love how fantastical numbers like that are always thrown around in lawsuits to make the consequences of the deed appear much worse than they really are.

    Here's the truth: the shareholders only lost $4 billion if they sold all their stock the day after the stock price artificially plunged because of what the guy did. As long as they don't sell the shares, nobody loses anything at all.

    Market cap is mostly a bullshit metric from the finance world that doesn't translate in real worth - or loss thereof. It's a number that says "This is what the amount of actual dollars you'd get if you liquidated this company", and the reason it's bullshit is, if someone did attempt to liquidate the company, the share price would instantly collapse.

    Also, if the company is sound and the incident was isolated, the stock price will go back up. So no loss. If it isn't, the stock price may stay lower, thereby surely reflecting the true worth of the company and showing that the previous price was overinflated.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Stock prices don't move on their own. Stock prices only move when a seller of stock finds a buyer of stock. In order for the price to have lowered someone sold at that lower price and someone else bought at it.

      • Sure, yes. We can trade a single share that paints the tape and sets the market cap.
        There are things like VWAP that traders look for more accurate representation.

  • It smells more like a guilty party throwing up a smoke screen to steal the time required to destroy the evidence.
  • From TFA, "Throughout this process, the defendant tried hiding his home IP address using Surfshark's VPN services. However, his actual location was exposed after a temporary Internet outage."

    Shoulda used at least 7 proxies Dude. Didn't they teach you that in Hacker School?

    • by e3m4n ( 947977 ) on Friday December 03, 2021 @12:01AM (#62042465)
      The biggest mistake was he kept re-inserting himself in the investigation trying to throw off the scent. But investigators are trained to look for that. As soon as they refused to pay the ransom he should have shut the whole thing down, deleted everything and gone to ground. A bad attitude and a slow going increase in insubordination would get you fired with not much attention. It's an easy way out without drawing too much attention. It was a gamble that failed. Trying to turn it into chess got him caught. It's likely how they found the initial mistakes in the first place.
    • What's especially odd about that mistake is that (according to the indictment) he was a senior developer, sufficiently involved with infrastructure to have full admin credentials within the AWS environment, and working for a networking company.

      That's the sort of CV that suggests you might have heard about, quite possibly seen, the fact that VPN tunnels (whether for business site-to-site or on-premises-to-cloud-provider or the consumer ones that trade in promises of anonymity) take time to reestablish them
  • ..Surfshark will roll over and give LEO/FBI all the logs they supposedly don't keep.

    • Read the summary again. They couldn't get the logs from Surfshark.

      He would have been safe with Whonix/Qubes/Tails.

      • Nawwww..cute.

        What really happened is Surfshark handed logs over, and the FBI came up with a plausible cover story to protect their informant.

        That's how things are done. Many more saps will not be frightened off Surfshark now, and they're within reach of law enforcement if needed.

  • What he did was not very SHARP.

  • Cases like this hurt actual whistleblower cases. People who might come forward about things are now going to be less likely to do so out of fear of being implicitly accused of being a criminal since businesses can now point at the Ubiquiti case as evidence of a possible crime. Any business can now say, "We're looking into the matter and working with law enforcement to make sure this isn't another Ubiquiti scandal." Every whistleblower is now able to be freely labeled a criminal without a trial thanks to
