Nickolas Sharp, a former employee of Ubiquiti, has confessed in court to misusing his company-provided credentials to steal data and then attempting to extort the company. Sharp, 37, of Portland, Oregon, was a senior developer at the New York City-based IoT device maker between August 2018 and April 2021, and had access to Ubiquiti's AWS and GitHub servers. In December 2020, he used his administrative credentials to download confidential data while using a Surfshark VPN to hide his IP address. To cover up his illegal activity, Sharp modified log retention policies and other files. In January 2021, Ubiquiti reported a data breach at one of its third-party cloud providers, but said that there was no evidence of user data being accessed. Around the same time, Sharp, who was helping with the investigation, sent a ransom note to Ubiquiti, claiming to be an anonymous attacker who had access to the company's network. He asked for 50 bitcoin in exchange for the stolen data and for revealing the backdoor he had supposedly installed on Ubiquiti's network. After the company refused to pay, he published some of the stolen data online. In March 2021, the FBI searched Sharp's home and seized electronic devices containing evidence of his actions. When confronted with the evidence, Sharp lied about accessing the company's data without authorization and about buying a VPN to hide his activity. A few days after the search, Sharp, pretending to be an anonymous whistleblower within Ubiquiti, gave false information to investigative journalist Brian Krebs about the incident, claiming that a hacker had gained root administrator access to Ubiquiti's AWS accounts. It was Sharp who had used his credentials to steal company data. The Department of Justice charged Sharp in December 2021. The company's shares dropped by about 20%, resulting in a loss of $4 billion in market capitalization. Sharp pleaded guilty to the breach, to wire fraud, and to making false statements to the FBI. If found guilty, he could be sentenced to up to 35 years in prison. The DoJ's indictment and press release do not mention Ubiquiti specifically, but it is clear that Sharp admitted to being the perpetrator behind the Ubiquiti incident.
This Cyber News was published on www.securityweek.com. Publication date: Fri, 03 Feb 2023 21:42:02 +0000