Nickolas Sharp, a former senior developer of Ubiquiti, was sentenced to 6 years in jail for stealing firm knowledge, trying to extort his employer, and aiding the publication of deceptive information articles that severely impacted the agency’s market capitalization.
In January 2021, community machine producer Ubiquiti introduced that it suffered a knowledge breach at a third-party cloud supplier on December 2020, informing all its clients that they wanted to reset their passwords and allow 2FA on their accounts.
Whereas allegedly working as a part of the incident response, the Division of Justice says Sharp posed because the nameless hacker, demanding that Ubiquity pay 50 Bitcoin ($1.9 million on the time) to study of the exploited vulnerability and for the stolen knowledge to be deleted.
After the corporate refused to pay, Sharp contacted the media, posing as a whistleblower to unfold misinformation about how Ubiquity dealt with the safety incident.
“In these tales, Sharp recognized himself as an nameless whistleblower inside Firm-1 [Ubiquiti] who had labored on remediating the incident and falsely claimed that Firm-1 had been hacked by an unidentified perpetrator who maliciously acquired root administrator entry to Firm-1’s AWS accounts,” reads the U.S. DoJ announcement.
“Actually, as Sharp properly knew, Sharp himself had taken Firm-1’s knowledge utilizing credentials to which he had entry, and Sharp had used that knowledge in a failed try to extort Firm-1 for hundreds of thousands of {dollars}.”
The DOJ says the unfold of false data resulted in Ubiquiti’s inventory worth dropping by about 20%, comparable to market capitalization losses of over $4 billion.
Proof led to Sharp
In December 2021, Sharp was arrested and charged with knowledge theft and extortion after inside investigations confirmed that he used his privileges to exfiltrate buyer knowledge from his employer’s methods.
Whereas the rogue developer had cleared his traces from the logs within the firm’s methods and used Surfshark VPN to cover his IP throughout the assault, a brief web outage disrupted the encrypted tunnel connection and briefly uncovered his location.
In February 2023, after Sharp repeatedly tried to mislead FBI investigators, the previous Ubiquiti worker pleaded responsible to 1 depend of transmitting a program to a protected laptop that deliberately precipitated injury, one depend of wire fraud, and one depend of creating false statements to the FBI.
Though the fees might incur a most sentence of 37 years in jail, the Southern District Court docket of New York determined to condemn Sharp to six years in jail, three years of supervised launch, and ordered the fee of restitution of $1,590,487.
