ExUbiquiti Staff Member Admits to Pretending to be a Cybercriminal

Nickolas Sharp, a former employee of Ubiquiti, has confessed in court to misusing his company-provided credentials to steal data and then attempting to extort the company. Sharp, 37, of Portland, Oregon, was a senior developer at the New York City-based IoT device maker between August 2018 and April 2021, and had access to Ubiquiti's AWS and GitHub servers. In December 2020, he used his administrative credentials to download confidential data while using a Surfshark VPN to hide his IP address. To cover up his illegal activity, Sharp modified log retention policies and other files. In January 2021, Ubiquiti reported a data breach at one of its third-party cloud providers, but said that there was no evidence of user data being accessed. Around the same time, Sharp, who was helping with the investigation, sent a ransom note to Ubiquiti, claiming to be an anonymous attacker who had access to the company's network. He asked for 50 bitcoin in exchange for the stolen data and for revealing the backdoor he had supposedly installed on Ubiquiti's network. After the company refused to pay, he published some of the stolen data online. In March 2021, the FBI searched Sharp's home and seized electronic devices containing evidence of his actions. When confronted with the evidence, Sharp lied about accessing the company's data without authorization and about buying a VPN to hide his activity. A few days after the search, Sharp, pretending to be an anonymous whistleblower within Ubiquiti, gave false information to investigative journalist Brian Krebs about the incident, claiming that a hacker had gained root administrator access to Ubiquiti's AWS accounts. It was Sharp who had used his credentials to steal company data. The Department of Justice charged Sharp in December 2021. The company's shares dropped by about 20%, resulting in a loss of $4 billion in market capitalization. Sharp pleaded guilty to the breach, to wire fraud, and to making false statements to the FBI. If found guilty, he could be sentenced to up to 35 years in prison. The DoJ's indictment and press release do not mention Ubiquiti specifically, but it is clear that Sharp admitted to being the perpetrator behind the Ubiquiti incident.

This Cyber News was published on www.securityweek.com. Publication date: Fri, 03 Feb 2023 21:42:02 +0000


Cyber News related to ExUbiquiti Staff Member Admits to Pretending to be a Cybercriminal

ExUbiquiti Staff Member Admits to Pretending to be a Cybercriminal - Nickolas Sharp, a former employee of Ubiquiti, has confessed in court to misusing his company-provided credentials to steal data and then attempting to extort the company. Sharp, 37, of Portland, Oregon, was a senior developer at the New York ...
1 year ago Securityweek.com
The New Cybercrime Atlas: A Collaborative Approach to Fighting Digital Crime - The global transition to the digital economy means that the operations of governments, critical infrastructures, businesses, and individuals are now a tightly integrated system of interconnected resources. Cybercrime presents a significant risk to ...
8 months ago Feeds.fortinet.com
Cybercrims target hotel staff for management credentials The Register - Cybercriminals are preying on the inherent helpfulness of hotel staff during the sector's busy holiday season. Researchers at Sophos said the latest malware campaign targeting hotels involves sending emails that play on the emotions of staff, while ...
9 months ago Go.theregister.com
IT helpdeskers increasingly targeted by cybercriminals The Register - It's not a novel phenomenon, nor is it being carried out in a very sophisticated way, Red Canary's latest threat report notes, yet the trend is growing and miscreants are seeing greater rates of success. Keen infosec watchers will remember last year ...
6 months ago Go.theregister.com
IT helpdeskers increasingly targeted by cybercriminals The Register - It's not a novel phenomenon, nor is it being carried out in a very sophisticated way, Red Canary's latest threat report notes, yet the trend is growing and miscreants are seeing greater rates of success. Keen infosec watchers will remember last year ...
6 months ago Theregister.com
Ex-Ubiquiti Programmer Admits to Attempting to Blackmail Company - Nickolas Sharp, a former employee of Ubiquiti, a networking device maker, pleaded guilty today to stealing a large amount of data from the company's network and attempting to extort them while pretending to be an anonymous hacker and whistleblower. ...
1 year ago Bleepingcomputer.com
Booking.com customers targeted in hotel booking scam - Scammers are hijacking hotels' Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. Secureworks outlined an attack that occurred in October 2023, when a scammer ...
10 months ago Helpnetsecurity.com
Human cost of PSNI data breach laid bare in official review The Register - An official review of the Police Service of Northern Ireland's August data breach has revealed the full extent of the impact on staff. The review lays bare the broad impact on staff in Northern Ireland, detailing how various officers have been forced ...
9 months ago Packetstormsecurity.com
Human cost of PSNI data breach laid bare in official review The Register - An official review of the Police Service of Northern Ireland's August data breach has revealed the full extent of the impact on staff. The review lays bare the broad impact on staff in Northern Ireland, detailing how various officers have been forced ...
9 months ago Go.theregister.com
Cybersecurity in K-12 Schools - As technology becomes increasingly integrated into K-12 schools, the need for robust cybersecurity measures has never been more critical. By raising awareness and providing insights into effective approaches, this article aims to shed light on the ...
9 months ago Securityzap.com
White House hosts Counter Ransomware Initiative summit, with a focus on not paying hackers - The third annual White House-led counter ransomware summit convening 48 countries, the European Union and Interpol launches in Washington today, featuring several new elements including a pledge from most member states not to pay ransoms and a ...
10 months ago Therecord.media
K-12 schools in Tucson, Nantucket respond to cyberattacks - Schools in Tucson, Arizona, and Nantucket, Massachusetts, are dealing with cyberattacks as U.S. schools continue to face a barrage of threats in the first weeks of 2023. A spokesperson from Tucson Unified School District told The Record that they ...
1 year ago Therecord.media
SpaceX Fired Staff Critical Of Elon Musk, US Agency - National Labor Relations Board alleges SpaceX illegally fired staff who in 2022 had denounced Elon Musk's behaviour. New development has emerged regarding the SpaceX staff who denounced the behaviour of Elon Musk back in 2022. It all stems from an ...
9 months ago Silicon.co.uk
EU Takes a Leap Forward with Cybersecurity Certification Scheme - The EUCC, or EU cybersecurity certification scheme, has an implementing rule that was adopted by the European Commission. The result is consistent with the cybersecurity certification methodology under consideration on EUCC, which was created by ...
7 months ago Cysecurity.news
Developing Cybersecurity Awareness Programs for Schools - Schools are increasingly becoming targets for cyberattacks, necessitating the development of robust cybersecurity awareness programs. Ultimately, a comprehensive cybersecurity awareness program is essential for schools to mitigate risks, enhance ...
9 months ago Securityzap.com
Securing helpdesks from hackers: What we can learn from the MGM breach - In the wake of the MGM Resorts service desk hack, it's clear that organizations need to rethink their approach to security, particularly when it comes to verifying the identity of employees contacting the helpdesk. In this article, we'll explore how ...
8 months ago Bleepingcomputer.com
Google Axes Staff In Assistant, Hardware, Engineering - Hundreds of job losses at Google, as staff are handed marching orders across multiple teams, amid exit of FitBit co-founders. Alphabet's Google is handing down bad news to hundreds of its staff this week, after confirming another tranche of job ...
8 months ago Silicon.co.uk
Ransomware's Impact May Include Heart Attacks, Strokes & PTSD - First-order harms: Direct targets of ransomware attacks. The increasing convergence of IT and OT leave physical infrastructures more vulnerable to ransomware, even though most ransomware operators lack the capability to directly compromise OT or ...
8 months ago Techrepublic.com
Syrian Threat Group Peddles Destructive SilverRAT - The group behind a sophisticated remote access Trojan, SilverRAT, has links to both Turkey and Syria and plans to release an updated version of the tool to allow control over compromised Windows systems and Android devices. According to a threat ...
9 months ago Darkreading.com
Europol confirms web portal breach, says no operational data stolen - Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only documents containing ...
4 months ago Bleepingcomputer.com
Europol confirms web portal breach, says no operational data stolen - Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only documents containing ...
4 months ago Bleepingcomputer.com
Ransomware Mastermind Uncovered After Oversharing on Dark Web - When researchers responded to an ad to join up with a ransomware-as-a-service operation, they wound up in a cybercriminal job interview with one of the most active threat actors in the affiliate business, who turns out to be behind at least five ...
10 months ago Darkreading.com
Major IT outage denies happy campers their caravan holidays The Register - The UK's Caravan and Motorhome Club is battling a suspected cyberattack with members reporting widespread IT outages for the past five days. UK organizations must notify the ICO within 72 hours if they suffer a breach that's likely to risk people's ...
8 months ago Theregister.com
Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks - A high-severity vulnerability in the Ultimate Member plugin can be exploited to inject malicious scripts into WordPress sites, the Wordfence team at WordPress security firm Defiant warns. Tracked as CVE-2024-2123, the vulnerability is described as a ...
6 months ago Securityweek.com
Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus - In its continued efforts to crack down on North Korea's most formidable state-sponsored threat group, the US government has seized a virtual currency mixer that has been serving as the principal way the group launders money stolen from its ...
10 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)