SecurityWeek

Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty

Former Ubiquiti employee Nickolas Sharp has admitted in court to abusing company-provided credentials to steal data and then attempting to extort the company, the Department of Justice announced.

Sharp, 37, of Portland, Oregon, worked at the New York City-based IoT device maker between August 2018 and April 2021, as a senior developer who had access credentials for Ubiquiti’s AWS and GitHub servers.

In December 2020, he abused his administrative credentials to download confidential data using the Surfshark VPN to hide his IP address. However, during an outage at his home, the IP address became unmasked, court documents reveal.

To hide his unauthorized activity, Sharp modified log retention policies and other files.

In January 2021, Ubiquiti alerted users of a data breach at one of its third-party cloud providers, saying that it had no indication of user data being accessed during the incident.

Around the same time, Sharp, who was helping with the investigation into the data breach, sent a ransom note to Ubiquiti, claiming he was an anonymous attacker who had access to the company’s network.

In the ransom note, he asked the company to pay 50 bitcoin (roughly $1.9 million at the time) in exchange for the stolen data and for revealing the backdoor he had purportedly installed on Ubiquiti’s network. After the company refused to pay, he published some of the stolen data online.

In March 2021, the FBI searched Sharp’s home and seized electronic devices containing evidence of his actions. When confronted with the evidence, Sharp lied about accessing the company’s data without authorization and about purchasing a VPN to hide his activity.

Several days after the search, claiming to be an anonymous whistleblower within Ubiquiti, Sharp provided investigative journalist Brian Krebs with false information about the incident, claiming that a hacker had gained root administrator access to Ubiquiti’s AWS accounts.

In fact, it was Sharp who used credentials he had access to as a Ubiquiti employee to steal company data. The DoJ announced charges against Sharp in December 2021.

The company’s shares fell approximately 20% following the publication of the false information about the incident, causing a loss of $4 billion in market capitalization.

Sharp pleaded guilty to the breach, to wire fraud, and to making false statements to the FBI. He faces up to 35 years in prison. His sentencing is scheduled for May 10, 2023.

The DoJ’s indictment and press release do not mention Ubiquiti specifically, but it’s clear that Sharp admitted to being the perpetrator behind the Ubiquiti incident.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
