{"id":16885,"date":"2023-02-03T18:32:04","date_gmt":"2023-02-03T17:32:04","guid":{"rendered":"https:\/\/www.show.it\/former-ubiquiti-employee-who-posed-as-hacker-pleads-guilty\/"},"modified":"2023-02-03T18:32:04","modified_gmt":"2023-02-03T17:32:04","slug":"former-ubiquiti-employee-who-posed-as-hacker-pleads-guilty","status":"publish","type":"post","link":"https:\/\/www.show.it\/en\/former-ubiquiti-employee-who-posed-as-hacker-pleads-guilty\/","title":{"rendered":"Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty"},"content":{"rendered":"

Former Ubiquiti employee Nickolas Sharp has admitted in court to abusing company-provided credentials to steal data and then attempting to extort the company, the Department of Justice announced.<\/strong><\/p>\n

Sharp, 37, of Portland, Oregon, worked at the New York City-based IoT device maker between August 2018 and April 2021, as a senior developer who had access credentials for Ubiquiti\u2019s AWS and GitHub servers.<\/p>\n

In December 2020, he abused his administrative credentials to download confidential data using the Surfshark VPN to hide his IP address. However, during an outage at his home, the IP address became unmasked, court documents reveal.<\/p>\n

To hide his unauthorized activity, Sharp modified log retention policies and other files.<\/p>\n

In January 2021, Ubiquiti alerted users of a data breach<\/a> at one of its third-party cloud providers, saying that it had no indication of user data being accessed during the incident.<\/p>\n

Around the same time, Sharp, who was helping with the investigation into the data breach, sent a ransom note to Ubiquiti, claiming he was an anonymous attacker who had access to the company\u2019s network.<\/p>\n

In the ransom note, he was asking the company to pay 50 bitcoin (roughly $1.9 million at the time) in exchange for the stolen data and for revealing the backdoor he purportedly had installed on Ubiquiti\u2019s network. After the company refused to pay, he published some of the stolen data online.<\/p>\n

In March 2021, the FBI searched Sharp\u2019s home and seized electronic devices containing evidence of his actions. When confronted with the evidence, Sharp lied about accessing the company\u2019s data without authorization and about purchasing a VPN to hide his activity.<\/p>\n

Several days after the search, claiming to be an anonymous whistleblower within Ubiquiti, Sharp provided investigative journalist Brian Krebs with false information about the incident<\/a>, claiming that a hacker had gained root administrator access to Ubiquiti\u2019s AWS accounts.<\/p>\n

In fact, it was Sharp who used credentials he had access to as a Ubiquiti employee to steal company data. The DoJ announced charges against Sharp in December 2021<\/a>.<\/p>\n

The company\u2019s shares fell approximately 20% following the publication of the false information about the incident, causing a loss of $4 billion in market capitalization.<\/p>\n

Sharp pleaded guilty to the breach, to wire fraud, and to making false statements to the FBI. If found guilty, he faces up to 35 years in prison. His sentencing is scheduled for May 10, 2023.<\/p>\n

The DoJ\u2019s indictment and press release do not mention Ubiquiti specifically, but it\u2019s clear that Sharp admitted to being the perpetrator behind the Ubiquiti incident.<\/p>\n

Related:<\/strong> Canadian NetWalker Ransomware Affiliate Pleads Guilty in US<\/a><\/p>\n

Related:<\/strong> Mexican Businessman Pleads Guilty in U.S. to Brokering Hacking Tools<\/a><\/p>\n

Related:<\/strong> California Man Pleads Guilty Over Role in $50 Million Fraud Scheme<\/a><\/p>\n

The post Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty<\/a> appeared first on SecurityWeek<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Former Ubiquiti employee Nickolas Sharp has admitted in court to abusing company-provided credentials to steal data and then attempting to extort the company, the Department of Justice announced. Sharp, 37, of Portland, Oregon, worked at the New York City-based IoT device maker between August 2018 and April 2021, as a senior developer who had access […]<\/p>\n","protected":false},"author":2,"featured_media":16886,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[27],"tags":[],"class_list":["post-16885","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybercrime"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16885","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/comments?post=16885"}],"version-history":[{"count":0,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16885\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media\/16886"}],"wp:attachment":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media?parent=16885"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/categories?post=16885"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/tags?post=16885"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}