Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.
Latest posts by Esme Greene (see all)
- “Ducktail” Hackers Target Facebook - September 28, 2023
- Okta Breach: Super Admin Hack - September 24, 2023
- Rackspace: $10.8M Cloud Shift - September 23, 2023
Nicholas Sharp, a former Ubiquiti engineer, was given a six-year prison term for stealing hundreds of gigabytes of private data, holding his former company for a $1.9 million ransom, and then making the information public. Sharpe, who was found guilty by a New York court, entered a guilty plea.
Sharp’s explanations
Sharp made an effort to defend his conduct by saying that the intrusion was a result of a “unapproved security training course” that made Ubiquiti “more secure.” Robert Pera, CEO of Ubiquiti, was charged with obstruction of justice for allegedly blocking security issues and causing his “idiotic hyper-fixation” with resolving them. Judge Catherine Polk Failla stated that the court did not accept Mr. Sharp’s justification and that “Mr. Sharp should not have portrayed God under these conditions.”
What happened?
Ubiquiti told its customers in January 2021 that someone had gained unauthorized access to its cloud-hosted IT systems. In March, a person claiming to be a whistleblower described the incident as “catastrophic,” asserting that the company was unable to determine the full scope of the attack because it did not maintain adequate logs and that the attacker had obtained access to Ubiquiti’s Amazon Web Services, which could have given him root access to all Ubiquiti AWS accounts.
Sharp has long pretended to be an informant, charging Ubiquiti with downplaying the gravity of the data leak. He continued to work for the business at the same time. It doesn’t seem that Ubiquiti’s assertion that the attackers had no access to consumer data conflicts with the facts that the investigation presented.
Results
Technical blunder allowed Sharp to be located. When gathering information and sending emails, he utilized the SurfShark VPN service to conceal his identity, but “in one instance” his true IP address was discovered and logged when he connected to the business’s GitHub. The Justice Department claims that this occurred when Sharp’s home internet connection briefly dropped out before reconnecting.
In exchange for access to a large amount of sensitive corporate data, the former Ubiquiti employee admitted responsibility and wanted a ransom from the firm. The police investigation, he said, was defective, and the company’s data breach was considerably bigger than the probe revealed. He also went to the media under the guise of an anonymous whistleblower.