Former Ubiquiti employee Nickolas Sharp has admitted in court to abusing company-provided credentials to steal data and then attempting to extort the company, the Department of Justice announced.
Sharp, 37, of Portland, Oregon, worked at the New York City-based IoT device maker between August 2018 and April 2021, as a senior developer who had access credentials for Ubiquiti’s AWS and GitHub servers.
In December 2020, he abused his administrative credentials to download confidential data using the Surfshark VPN to hide his IP address. However, during an outage at his home, the IP address became unmasked, court documents reveal.
To hide his unauthorized activity, Sharp modified log retention policies and other files.
In January 2021, Ubiquiti alerted users of a data breach at one of its third-party cloud providers, saying that it had no indication of user data being accessed during the incident.
Around the same time, Sharp, who was helping with the investigation into the data breach, sent a ransom note to Ubiquiti, claiming he was an anonymous attacker who had access to the company’s network.
In the ransom note, he was asking the company to pay 50 bitcoin (roughly $1.9 million at the time) in exchange for the stolen data and for revealing the backdoor he purportedly had installed on Ubiquiti’s network. After the company refused to pay, he published some of the stolen data online.
In March 2021, the FBI searched Sharp’s home and seized electronic devices containing evidence of his actions. When confronted with the evidence, Sharp lied about accessing the company’s data without authorization and about purchasing a VPN to hide his activity.
Several days after the search, claiming to be an a ..
Support the originator by clicking the read the rest link below.
