Ex Ubiquiti Developer Arrested for Data Theft

Ex Ubiquiti Developer Arrested for Data Theft

A man from Oregon has been charged with stealing confidential data from his employer and secretly extorting the company for a $2m ransom while purporting to be working on remediating the theft. 



Portland resident Nickolas Sharp allegedly stole gigabytes of data from Ubiquiti Inc., a technology company headquartered in New York, where Sharp was employed from August 2018 to around April 1, 2021. 



According to an indictment unsealed on Wednesday in Manhattan Federal Court, Sharp's senior developer role gave him access to credentials for the company's Amazon Web Services (AWS) and GitHub servers.



Around this time last year, Sharp allegedly repeatedly disguised his IP address through virtual private network service (VPN) Surfshark, then abused his administrative access to exfiltrate his employer's confidential data. 



While he was anonymously inside the network of his employer, Sharp allegedly altered log retention policies and other files to hide his intrusion. 



In January 2021, while working as part of a team tasked to remediate the theft of the data, Sharp allegedly posed as an anonymous hacker and sent his employer a digital ransom note. In the note, Sharp demanded 50 Bitcoin (worth around $1.9m at the time) to return the stolen data and identify a supposed “backdoor” in the company's network. 



After his employer refused to pay up, Sharp allegedly published some of the stolen files online in a public forum. 



In March, when FBI agents searched Sharp's residence and showed the defendant records of his Surfshark service purchase in July 2020, Sharp claimed it had been bought by someone else through h ..

Support the originator by clicking the read the rest link below.