Ex-Ubiquiti Programmer Admits to Attempting to Blackmail Company

Nickolas Sharp, a former employee of Ubiquiti, a networking device maker, pleaded guilty today to stealing a large amount of data from the company's network and attempting to extort the company while pretending to be an anonymous hacker and whistleblower. Sharp had access to confidential information, which he used to demand a ransom, according to U.S. Attorney Damian Williams. When his demands were not met, Sharp retaliated by causing false news stories to be published about the company, resulting in a $4 billion drop in market capitalization. He was arrested and charged with data theft and extortion on December 1, 2021.

Ubiquiti revealed a security incident in January 2021 following the data theft. While trying to assess the scope of the incident, Sharp also attempted to extort Ubiquiti, asking for 50 bitcoins in exchange for revealing the vulnerability used to breach the network and returning the stolen files. Ubiquiti refused to pay and instead changed all employee credentials, disabled a second backdoor in its systems, and issued a security breach notification.

After the extortion failed, Sharp shared information about the incident with the media while pretending to be a whistleblower, accusing Ubiquiti of downplaying the breach. This caused the stock price to drop by almost 20%, leading to a loss of over $4 billion in market capitalization.

Sharp was found to have stolen confidential files from Ubiquiti's AWS infrastructure and GitHub repositories using his cloud administrator credentials and cloning hundreds of repos over SSH. He tried to hide his home IP address using a VPN service, but his location was exposed due to a temporary Internet outage. He also modified log retention policies on Ubiquiti's servers and other files to hide his identity during the incident investigation.

Sharp faces a maximum sentence of 37 years in prison if found guilty. He is scheduled to be sentenced on May 10 by U.S. District Judge Katherine Polk Failla.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 02 Feb 2023 19:02:02 +0000

