Former Ubiquiti Networks employee accused of hacking and extortion

The US authorities have arrested the ex-employee of Ubiquiti Networks and accused him of hacking his own employer, which occurred in December 2020.

Later it turned out that back in December 2020, an unknown hacker broke into the company’s administrative account in Amazon Web Services (AWS) and proceeded to download the company’s source code, install malware, and also gained access to customer data. When in Ubiquiti Networks discovered the attack and removed one of the attacker’s backdoors, he demanded a ransom in the amount of 50 bitcoins and for this money promised to tell where the second backdoor was hidden, to be silent about the hack and not to “drain” the source codes that he had stolen from the company.

According to the US authorities, a 36-year-old Nickolas Sharp, who worked as a developer in the company’s cloud division from 2018 to 2021, was arrested on charges of hacking Ubiquiti Networks, extortion and data theft.

The FBI says Sharpe used the Surfshark VPN account to hide his real IP address and then logged into the company’s AWS and GitHub accounts using the credentials given to him at work. Also during the hack, he used his insider access to the company’s network to change the storage policy for logs and other files, in an effort to hide the intrusion and subsequent data theft.

For a while, everything went according to plan. Ironically, Ubiquiti Networks even included Sharpe on the incident response team without realizing that he was the one responsible for the hack. At this stage, Sharpe sent an anonymous letter to the company and demanded 50 bitcoins (approximately $ 2 million at the time) in exchange for stolen files and information about vulnerabilities that he used to access the network, according to the US Department of Justice and the FBI.

As we discussed earlier, the company refused to pay, independently discovered and removed the second backdoor, dropped all employee credentials, and eventually issued a January letter informing about the attack. In addition, Ubiquiti Networks contacted law enforcement, which ultimately tracked down Sharpe: the Surfshark account that he used to disguise was paid from his PayPal account. Moreover, during the hack, the VPN connection crashed, as a result of which it was possible to find out the real IP address of the intruder.

The authorities write that they announced their findings to Sharpe on March 24 of this year, and then a search was carried out in his house. Despite this, the suspect denied being involved in any wrongdoing and even claimed that someone else could have used his PayPal account to pay for Surfshark VPN.

Investigators say that days after the FBI raided Sharpe’s home, he continued to make mistakes: as an anonymous informant, he turned to news outlets and tried to tell the world that the Ubiquiti Networks hack was more serious than everyone thought. This is exactly what the well-known information security journalist Brian Krebs wrote about in the spring of 2021, and then many world media outlets. As a result, these messages led to a fall in the company’s shares by more than 20%, as a result of which the company lost more than $ 4 billion of its market capitalization.

Let me remind you that we also wrote that Experts recorded more than 500,000 attacks on iOT-devices in 2 hours.