Ex-Ubiquiti Engineer Sentenced To 6 Years For Data Theft And Extortion – eCrimeBytes Nibble #33

An ex-Ubiquiti engineer behind the company's massive 2020 data theft was sentenced to six years.

Nickolas Sharp purchased and used SurfShark VPN to hide his IP address as he downloaded Ubiquiti's GitHub repositories from home. He also hid his IP address when he attempted to cover his tracks by switching the company's AWS log retention policy to only one day.

Things did not go according to plan for Sharp: around 2:16am on Dec 22, 2020, his internet went out and interrupted his data exfiltration exercise. When his internet came back up, there was a moment when his VPN was not active and his true IP address showed up as the source.

Throughout the next two weeks, Sharp pretended to work with the incident response team inside Ubiquiti, as his co-workers did not know he was responsible. On Jan 7, 2021, Sharp sent a ransom email requesting 25 Bitcoin in exchange for not publishing the data. Ubiquiti did not pay, so the data was posted. Ubiquiti’s stock fell 20%, or $4 billion! He was also the source of false media stories, which helped the stock price decline.

Sharp used excuses ranging from “How stupid would I be to let my home IP address leak if I were attacking Ubiquiti?” to “Someone else must’ve used my PayPal to buy SurfShark VPN”. He also tried the “It was all just a security exercise” move, but he was still sentenced to 6 years, because why would the judge believe that?

The kicker is that Ubiquiti paid him $250,000 a year prior to this incident for his normal job, but that still did not stop his attack and ransom attempt.

