Sit back and listen to how a former security engineer at Ubiquiti costed their shareholders $4 billion dollars when he stole their data and posted online after they failed to pay his ransom. There’s a lot to unpack in that, we know. Join us on our episode to hear more about this wild electronic true crime case!
Note that I first discussed this case back in eCrimeBytes Nibble #33:
Ex-Ubiquiti Engineer Sentenced To 6 Years For Data Theft And Extortion – eCrimeBytes Nibble #33
Sources:
- https://www.courtlistener.com/docket/61588602/united-states-v-sharp/
- https://www.documentcloud.org/documents/21123826-nickolas-sharp-indictmentpdf
- https://www.justice.gov/usao-sdny/pr/former-employee-technology-company-sentenced-six-years-prison-stealing-confidential
- https://cdn.arstechnica.net/wp-content/uploads/2023/05/US-v-Sharp-Sentencing-5-11-2023.pdf
- https://arstechnica.com/tech-policy/2022/03/ubiquiti-sues-journalist-alleging-defamation-in-coverage-of-data-breach/
- https://arstechnica.com/tech-policy/2023/05/ex-ubiquiti-engineer-behind-breathtaking-data-theft-gets-6-year-prison-term/
- https://www.linkedin.com/in/nickolassharp/ (Photo)
- https://github.com/nickhsharp
Chapters:
00:00 Case Details
10:31 Music
10:53 Meet Ubiquiti
17:35 Meet Nickolas Sharp
20:33 Sharp Is Looking To Leave
22:37 The Attack Begins
26:26 Stealing Their S***
27:47 Sharp Slips Up
32:52 Ubiquiti Detects The Incident
40:00 A Search Warrant
43:01 Sharp Is Indicted
43:49 Sharp Pleads Guilty
44:50 Sharp’s Sentencing
53:13 Conclusions
58:32 How To Reach Us
Transcript:
[00:00:00]
Case Details
[00:00:08] Keith: Hey, welcome to eCrimeBytes, season one, episode 16. This one is the Ubiquiti Insider. And Ubiquiti is actually a company’s name. We’re gonna explain them a little later on. So we’ll go ahead and get right into our case details in this, and I’ll take the first one, which is the technology. Now we’re gonna be talking about a handful of different technologies, and we’re gonna try to keep ’em straight for you.
[00:00:34] And a lot of these technologies I’ve been trying to keep up to date on our glossary as well. So if you haven’t gone to our website, go to our website, check out the glossary, and I have lengthier explanations and I have references to places like Wikipedia and other more digestible sources where you can read more about these things.
[00:00:55] So with the technology, we’re gonna first talk about AWS cloud services. And I probably lost like 80% of our listeners right there. AWS stands for Amazon Web Services. It’s cloud services. I like the definition of cloud as just computers that somebody else owns. It’s computers that Amazon owns that are out there on the internet that companies will rent to do certain things in their company’s jobs. So for instance you might have a company that does some kind of like flight tracking work, right?
[00:01:32] And you need to have ways that your customers can access your data from anywhere in the world. Instantly. With AWS cloud services, what you can do, and this is not a commercial for them, this is for any cloud service, Microsoft and Google too. You can set up these computing resources, even as a small company and make it look like you’re a giant company.
[00:02:00] Seth: Yeah, I would just jump in there. I think the only other key thing is it basically takes the burden off of the company from a lot of the administration and due diligence of maintaining, server farms and, having to patch computers and, deal with software updates and stuff like that.
[00:02:14] There’s one way to call it as software as a service or SaaS. I’m sure people have heard of it. There’s other variations to that, like infrastructure as a service, but it’s basically a way to, in some regards, virtualize a much more complicated data center.
[00:02:27] More and more companies are doing this. The only reason I think some people don’t do it is for privacy reasons or they just haven’t figured out the need to scale that way, but it’s extremely ubiquitous and common at this point is I think the key.
[00:02:39] Keith: Yeah, and I’m giving you a very general examples because you could pretty much build anything you want on the internet using something like AWS is what we’re talking about in this scenario, but there’s also Google and Microsoft out there. Now, another piece of technology is something called GitHub. Now, if you’re technical and you hear that, you’re like, hey, I know what that is. For a non-technical audience, let me explain this to you. I’m a programmer. I code every day, all day.
[00:03:10] What a service like GitHub allows me to do is check in my source code, like a Word document, if you’ve ever edited a Word document, and it lets me keep versions of it. So let’s say yesterday I had an idea to implement functionality A. And I implement it. And I can basically check it into a service like GitHub to store my source code.
[00:03:33] Not only for things like backup purposes, if it gets wiped out on my laptop, I don’t have to worry about it cuz it’s up there in the cloud. But I can do other things. If Seth wants to do development with me, he can get on GitHub, we can share this between us. We can do development in tandem and, build out our product and so forth.
[00:03:53] Now that’s the sense of GitHub that we’re gonna be talking about in this case. This is how the company used it. Now another piece of technology is Surfshark vpn. And if you’re not a technical person, I just hit you with those three things. I apologize. We’re gonna try to explain ’em in layman terms as much as possible every time we talk about ’em.
[00:04:15] But Surfshark. Is a vpn. And VPN stands for a virtual private network. And why would somebody want this thing called a virtual private network? Let’s say I’m at home, but I wanna surf a website that’s blocked to the US. Okay? It would be advantageous for me if I could make my IP address, which is the computerized address that we’ve talked about in almost every episode.
[00:04:44] If I make that address for my computer, look like it comes out of a different country than the US, maybe I can access what this website is. That’s what virtual private networks do for you. It takes your traffic on your computer, sends it somewhere else, and then let’s say it’s intended for Netflix, right?
[00:05:07] As it sends it somewhere else, as Netflix would see it, it would come out of wherever you sent your traffic to last. So for instance, if I say send all my traffic through Sweden and I, and then I go browse this Netflix. Netflix is gonna look like I logged in from Sweden to watch my Netflix videos and so forth.
[00:05:31] That’s really as much as you need to know about VPNs. Oh yeah.
[00:05:33] Seth: It changes your. I think it’s worth delineating between how you know now that we’re post Covid, now most people are either familiar with or actually working hybrid or remote, right? So if you’re employed and you work for a company, you probably will log into your company’s network from home via a vpn, which is almost like the reverse of what Dr. Jones just described, which is your company is directing all your activity through there and to their network via a VPN, right? So they absolutely want know what you’re doing and where you’re going versus the opposite, which is what Jones just described.
[00:06:08] Keith: Yeah. It’s in Surfshark. That’s a slightly different scenario where when you’re going to work, you’re using a VPN more for security because it’s protecting your data around it and you’re sending it to your office.
[00:06:20] But if you were sending everything through your office, you’re gonna surf websites and you’re gonna look like you’re coming through your office. If you were to browse Netflix and all your data goes through your office, it’s gonna look like you’re browsing Netflix from your office from Netflix’s point of view.
[00:06:36] Now, Surfshark VPN is a commercial VPN that anybody can buy. You don’t have to work somewhere to have it. And it’s what I call a commercial VPN service. So it’s like X amount of dollars per month. Usually these things are like, I don’t know, like maybe 10 bucks or less per month, especially if you buy ’em on a yearly plan. And it’s a pretty simple thing where you just install it on your computer, you drop down from a list and you say, I wanna be from Sweden today, and it chugs for a second or two, and it says, all right, everything you send now is going through Sweden.
[00:07:05] And that’s as simple as it is, and you’re gonna see this technology, this right here, this is what fails for this criminal, which is I don’t know, almost humorous in a way for the investigators. But you wanna tell us about the crime, Seth? Sure.
[00:07:16] Seth: So you have three things here. You have theft of data, right?
[00:07:20] And this is for all you people who deal with insider threat or data loss prevention, which is my world. Both of those items, this will be right at home, right? If you’re a company, how do you protect your most precious, valuable, proverbial gems, shiny objects that your company has from leaving the network in an unauthorized manner.
[00:07:38] In this instance, it gives you a good example of why this case, it’s an insider, right? They have keys to the kingdom. Destruction of evidence here is interesting. So I work as part of a team that has computer forensics involved. So we get to take a look at, was there any evidence that somebody actively tried to delete the data here? It was a full hard drive wipe, which we’ll get into. And then extortion. Some of you have heard of ransomware. This is similar to that, where our criminal here actually was seeking an exchange of not deleting something, or not releasing something rather into the wild or the public for Bitcoin.
[00:08:11] And we’ll see how that blew up in his face. So Keith, tell us about our insider slash criminal.
[00:08:18] Keith: Yeah, so it’s an insider. One person. His name is Nickolas Sharp, and he’s an engineer. So
[00:08:25] Seth: computer engineer that is,
[00:08:27] Keith: Yeah, an engineer. Software computer. Yeah. Software development type of engineer. Not a, not a train engineer, anything like
[00:08:33] Seth: that.
[00:08:34] So I’m more like professional engineer, like a guy that designs, industrial stuff. Yes. Woohoo.
[00:08:40] Keith: Yep. The point I wanna make here is usually engineers like this either have all the keys to the kingdom, or quite a few keys to the kingdom. When you have an engineer that develops software, a lot of times they’ve gotta access things like your AWS that we talked about in technology.
[00:08:57] They gotta access your GitHub accounts and so forth. And you’re supposed to be able to trust them. We’re gonna find out here that you can’t trust Nickolas Sharp. So who were the victims,
[00:09:09] Seth: Seth? So I guess the obvious one is the company he worked for Ubiquiti. And then as an extension of that, Ubiquiti shareholders and we’ll learn about Heather’s stock price dropped 4 billion or 20%, which is really scary.
[00:09:24] And then we’ll talk about Brian Krebs, who, for those of you who are security people on this call, you probably have heard of Krebs on security. He actually got burned on this one too. Really less of a victim and more of he was a collateral damage here. Keith, tell us why we’re talking about this case today.
[00:09:40] Keith: I picked this case cause I sort of love insider cases. I, when I first started doing computer forensics 20 plus years ago, insider cases were really difficult to investigate because so much damage could happen in such little amount of time and you’re trusting the person that causes the damage. And for me, that just blows my mind.
[00:10:03] So I wanted to pick a case for our audience to show how quickly and how bad things can go south when only just one person in the company can affect, 4 billion worth of stock decline. It’s just amazing. So that was the reason why I picked this case. Hey, stick around and right after our song here, we’re gonna get right into this case and we’re gonna have a picture of Nickolas Sharp too.
[00:10:28] So stick around and check that out. Yeah.
Intro Music
[00:10:31]
Meet Ubiquiti…
[00:10:53] Keith: Hey, welcome back to eCrimeBytes season one, episode 16. This is the Ubiquiti Insider. So immediately, and I haven’t talked too much about this, so immediately you should be going, what does Ubiquiti do? Let me tell you a little bit about ’em. So the internet, if you’re not a, if you’re a computer person, I apologize if this is repeat for you, but if you’re not, the Internet’s made up with a bunch of machines called things like switches.
[00:11:23] And what that does is it makes sure traffic flows on the internet in an optimized manner, and it gets going where it needs to go. It, it reaches the destinations that it needs to reach. So there’s companies out there that build these type of products for internet-based applications and Ubiquiti is just one of them.
[00:11:45] They make not only switches, but they make things like wifi routers they make here. Actually, let me pop up a picture here. I got it for
[00:11:54] Seth: It is a picture right
[00:11:55] Keith: video. So this is their website. And you can see they actually, the router. Yep. That’s a router, first and foremost on their website.
[00:12:03] And you can see right across the top, they say things like, wifi, switching, phone systems, door access, camera security, and so forth. So immediately, immediately, I’m thinking as a defender, they’re a high value target, right? Because the internet is built on the products that Ubiquiti and people like Ubiquiti make.
[00:12:33] So you can imagine any type of security event for this type of company is gonna be a big, big deal because there’s so much of their product, physical hardware, product out there on making the internet be the internet. That it’s a big deal. And when you have hardware companies like this, you start thinking about phrases like supply chain attacks.
[00:12:57] We’ve seen a few of them in the news recently with some motherboard manufacturers and so forth. On the software side there was solar winds, which was, it’s escaping me. Which year that was, if it was wasn’t last year, it was two years ago. It might’ve been year,
[00:13:10] Seth: say 21.
[00:13:12] Keith: I’m getting old.
[00:13:12] If it goes that quickly, Seth.
[00:13:14] Seth: So join the club.
[00:13:17] Keith: So supply chain attacks, those are really detrimental attacks because not only does it affect the company that sells the product, but it affects all their customers too, because it’s all their products that are out there that people have bought and that’s in their homes or routers or it’s in their offices and so forth.
[00:13:37] So compromising Ubiquiti in theory could compromise millions of their customers. That’s what you gotta take away here. Also, Ubiquiti has a lot of intellectual property, so I showed you a picture of their routers. You can imagine they have schematics, electrical diagrams, I imagine they have physical diagrams, they have product specifications.
[00:14:05] They have, the stuff that salesmen need to go sell this stuff. They need source code because they’re software that run on these hardware switches. So they have a ton of intellectual property. That leads us to GitHub. So GitHub is a place, like I said earlier, to store source code. Ubiquiti uses GitHub.
[00:14:27] Now you can use GitHub in a couple different fashions. Myself, I write a lot of free software for the open source community, and a lot of my projects are just open to the public. Like you could go to my GitHub profile and download probably 50 projects that I just give away. I also have a bunch of things that through a corporation I would work on through GitHub as well, that are private.
[00:14:55] Okay. That’s how, as far as I understood it, Ubiquiti used GitHub is, they used it in the, mostly they used it in the private.
[00:15:06] Seth: Private, they’re trying to make money situation. They are a profit generating, so for them, their biggest priority is creating intellectual property that is going to be money generating, which means it is a high value target, right?
[00:15:19] If it got out, if it was. This is how people have to think about data loss. If some, if somebody, this is why people actually, I think, overreact to like, a credit card breach, right? Or, what they call data breach, right? You get a note from TJ Max you’re, your information has been sold.
[00:15:33] It’s not good. But the odds that’s just a breach doesn’t mean you’ve been hacked. It doesn’t mean somebody has now taken your identity and started going on a shopping spree, right? So people need to understand what is a valuable bit of data that if it got out into the public and left where it’s supposed to be, would be problematic here.
[00:15:50] So yeah, if one of Keith Jones open source pieces of code got out there, that’s the point, right? Is that it should be out there. He is trying to do something with it that would benefit a lot of people and not make money from it, versus something that is intellectual property and thus is something that is, is valuable from a money generating perspective.
[00:16:08] It’s the opposite, right? And there should be the appropriate security around it. So Keith and I talked about this before the show, which is legally all courts are deciding that if anyone wants to make a claim that somebody stole their ip, one of the tests that the court is gonna, submit the plaintiffs to is how valuable is the source code vis-a-vis how hard did you try to protect it? The problem with that argument though, is there are people like our subject here who do need to for, for purposes of their job, have keys to the kingdom and have direct access to things. Now there’s still arguments we made about what about the data leaving the system?
[00:16:46] But we’ll get to that. So anyway yes. GitHub is a place to store source code Ubiquiti uses GitHub, and this was, really proprietary sensitive, high value money generating source code we’re talking about here.
[00:17:02] Keith: And they also used AWS or Amazon Web Services. It didn’t specifically say in the documentation about how they did it or how they used it.
[00:17:11] We can tell GitHub because of what the documentation says and what GitHub is, but AWS is so generic that I imagine there’s probably just a lot of processing that they have to do related to their customer networks that they need AWS services for. Now, here’s the point in time where we can show you Mr. Sharp,
[00:17:33] Seth: what does this guy look like?
Meet Nickolas Sharp
[00:17:35] Keith: It is Nickolas Sharp. Here you go. Now I went on his, this is LinkedIn. I didn’t do anything secret or fancy or anything. This is his LinkedIn and I double, triple checked it and everything. He is a senior software engineer and when he was working at Ubiquiti, he was making a quarter million a year.
[00:17:57] So he did software development and cloud infrastructure security. And this is his picture. This is what he chose to put on LinkedIn. And while I was there I was like, huh, I’m gonna, scroll a little farther down the page and see what else he’s got on there. So I scrolled down and first thing I noticed was this, and it says, activity Nickolas hasn’t posted lately.
[00:18:17] And I’m like, Hmm, wonder why. And then we got this scroll down to all his last jobs and somewhere in the middle there is Ubiquiti networks and it’s August, 2018 through March of 2021. So this is pretty fresh of a case. This has been on the news quite a few times. If you’re not the technical industry, you probably didn’t see it as much, but we dug into the court documents and found a lot of interesting stuff.
[00:18:45] And here we are having an episode. So I thought one thing was interesting here, Seth was in the middle there is Ubiquiti networks and he leaves March, 2021, and now he’s, then, he’s working at another place for the rest of that year and then disappears. So it means somebody hired him after this whole thing that we’re gonna present to you.
[00:19:08] Somebody hired him after this. Which I thought was
[00:19:10] Seth: interesting. Love to say. There’s a, an ass for every seat.
[00:19:14] So let’s start going back to July of 2020, so almost about three years ago where Mr. Sharp subscribes to Surfshark VPN. So Keith explained earlier what that is, he downloaded it, he installed it on several devices, he installed it on a phone, he installed it on a laptop.
[00:19:32] So let’s reiterate Keith, what a VPN is at this point and how it changes your IP address. And let’s note for our audience that those items are in our glossary.
[00:19:42] Keith: Yep. So what it does is once you install it and you press it’s, most of them I’ve seen a lot of these, most of ’em are just a big giant red or green button, and you press it. And when you press it, it turns on.
[00:19:54] And some of them you can actually do a dropdown and say, oh, I wanna be from Sweden, or I wanna be from Detroit, Michigan, or whatever. And then you press the button, it turns on, and then literally anything else you send from your phone or your laptop or wherever you have this installed, goes through their network.
[00:20:08] So if you say, Sweden, all your traffic now bounces through Sweden and then comes back, let’s say you’re coming back into the US, it would then come back overseas into the US. But then when the person in the US saw your traffic, they think it’s a person from Sweden visiting them. So from their standpoint, they can’t see your traffic from your home to Sweden.
Sharp Is Looking To Leave
[00:20:33] Keith: All they see is there’s some IP address from overseas coming in and accessing some website or resource at that
[00:20:42] Seth: company. Right. So let’s go to this. So now let’s fast forward to the end of 2020. So last one was one we Surfshark was in July. This is now December of 2020 where Nickolas Sharp applies to work at another company.
[00:20:57] Now, why is this important? He’s looking to leave Ubiquiti, and I can tell you as a security professional people who are leaving their company, we call them leavers, whether they’re leaving voluntarily or involuntarily, statistically tend to be higher risk because people tend to take things with them, whether authorized or not.
[00:21:17] And a lot of times it’s legit stuff. It’s their resume, it’s their tax documents, it’s pictures of their kids, it’s their immigration documents. But people sometimes will work on something and either they will think it’s okay to take it with them and not really realize that it’s proprietary to the company, or they will know that it’s proprietary to the company and say I deserve this, or I need to share my next job.
[00:21:37] I’m taking it with me. What are the odds that they’re gonna do anything or see it, or, or things along those lines. I deal with this every day at my real job.
[00:21:44] Keith: Yeah. And as an investigator I totally agree with that. Every time, almost every time I had to investigate an insider, there was a, there was this point that we’re talking about in the story right now where it’s that person starts to go look for another job, and usually that’s a telltale sign.
[00:22:02] It’s hard to tell, but sometimes you can tell when somebody’s ready to leave. I didn’t know there was actual term for it. I’ve never heard that before. It’s
[00:22:08] Seth: a term that I use internally with my team leavers. That’s, that’s pretty cool. Only because it’s a specific identifiable group. Yeah.
[00:22:15] Although it’s not, right? Most companies have some kind of HR database, right? So if you term somebody, but they’re not gonna be gone for another week, you can usually flag on that metadata, but that doesn’t account for the fact that somebody in their head is I’m leaving in June.
[00:22:29] And doesn’t tell anybody or what have you. It doesn’t mean that they’re not gonna be capable of, sending data out the door. That term is called exfiltration, which is the unauthorized transfer of data.
The Attack Begins
[00:22:37] Seth: Where are we here? Okay, so we are now still in December. That was of. We’re still in December.
[00:22:42] That was the ninth, right? That was the ninth. So the next day, December 10th, very next day, right? Mr. Sharp connects to Amazon Web Services. So Keith explained earlier, right? What that is, right? It’s basically a set of computers I think it’s more of a storage. Basically it is software as a service or infrastructure as a service.
[00:23:01] It virtualizes your internal data center. So he did this, the very next day he logs into AWS via his home IP address, and he checks a specific AW s key, which means his credentials. And then within two minutes, a connection comes in from Surfshark to Ubiquiti AWS infrastructure.
[00:23:23] So Keith, walk us through what actually happened there.
[00:23:27] Keith: All right. So the very first connection that Seth told you about was his home IP address. And this is, probably looks normal. This is his job. He connects to aws. He’s a security person, he’s a software developer. Now he checks this AWS key.
[00:23:40] And this, as far as I could go on the court documents, they just said key. And I know this from my AWS software development days, that this usually means some kind of credentials. It usually means username and password, or it means some kind of public, private key, something that will allow you to access something within aws.
[00:24:01] Okay, so that looks normal. But here, two minutes later, all of a sudden, this suspicious looking connection comes in from Surfshark VPN and accesses, Ubiquiti’s AWS infrastructure using that key. So I can tell you, if you wanna try to get away with something like this, you probably shouldn’t connect two minutes later after you check a key.
[00:24:25] But hey, we’re gonna see he does worse things than this. So stick around.
[00:24:29] Seth: Yes. So Keith, tell us about his GitHub activity. This is a couple weeks later. Sure.
[00:24:35] Keith: And this is what, in my personal opinion, this is the meat of what he did that was bad was he scraped Ubiquiti’s GitHub repositories. And what does that mean?
[00:24:50] Okay. So as, like I said, as a developer, you can usually check in or you can get a copy of or check in copies of software and hardware plans that you’re working on with GitHub, right? You do this normally, this is just normal b a u like business. Yeah. Just being a developer. What happened is this external connection, this suspicious one from Surfshark.
[00:25:25] Does the same thing. It comes in and starts basically cloning. That’s a GitHub term for copying all the repositories and what repositories are you can think of ’em as like projects or they’re just a virtual, virtual folder. Container. Yeah, a virtual folder for your different projects. So we see, or they see Sharp logging in to GitHub using his work credentials from his home IP address, which is normal, like that wouldn’t raise suspicion.
[00:25:57] But then again, one minute later, a high level account connects from a Surfshark VPN and starts downloading all the data that Ubiquiti has on the GitHub repositories. And if you’re probably wondering can’t a public person just do that? Yes, they can. The public repositories. But what Sharp was stealing was their private repositories too, are the ones that are, that’s a
[00:26:21] Seth: critical difference.
[00:26:22] Public does critical difference public and private. Public does
[00:26:25] Keith: not have access to.
Stealing Their S***
[00:26:26] Seth: To put it in English. And we have this in our notes. The person, Mr. Sharp was stealing Ubiquiti’s shit and let’s be very clear. Yeah. That’s a technical,
[00:26:35] Keith: yeah. Technical term. It’s a technical term,
[00:26:37] Seth: not a coincidence.
[00:26:38] Yeah. Was stealing your shit. Yeah. And it, what’s interesting about this is the GitHub, like any other, computer application does keep logs. And we’re gonna get into why that’s important, right? So there is two logs there. There’s a log of his regular, connection from his home IP address, and then the minute later, the log of the Surfshark, and we’ll explain why that matters later.
[00:26:58] Keith: You don’t have to be the world’s best investigator to go, wait a minute, why the hell did he just log in one minute later via Surfshark, after he logged in from his home IP address? He just did that again. So you know, these coincidences like this don’t typically happen when you look in logs and as an investigator, this is gonna stick out like a sore thumb when you open the logs and you go, wait, the last person that just logged in was Sharp from his home IP address, and you go, wow.
[00:27:26] He was really not bright to do that. Hold on a second. It gets worse for him. It does. Let me explain what happens in his slip up, and this happens December 21st of, oh, jeez 20. I left the year
[00:27:41] Seth: off. It’d be 20. 20. 20. Yeah, it was still 2020. This was the day after. This was the day after he did the double login.
Sharp Slips Up
[00:27:47] Keith: So 11:47 PM there was one of these sessions where a Surfshark IP address comes in. It goes into the Ubiquiti GitHub account and starts copying out all the data. It takes a while, okay. It’s not just like an instantaneous process where you press a button and it’s boom, it’s down. It’s a lot of data.
[00:28:11] So it’s an hours, and I say it plural here, process. If you fast forward to the next day, which is just a couple hours later at 2:16 AM Sharp’s internet goes out at home, which you think, okay, now his data theft activity stopped because his internet activity or his internet goes out. Everybody knows.
[00:28:31] My kids complain. This happens. Internet goes out. Nobody can get to anything. So it stops. But here’s the thing. This happened really, really early in the morning. Do you think he knew his internet went out? I seriously doubt it. If my internet went out at two in the morning, I wouldn’t know it. When it came back up, there was a split second when his VPN was not connected, but his GitHub activity of stealing their shit was still connected and his home IP address appeared in the GitHub logs. So you’re gonna hear a lot of defenses coming from Sharp from here to the end. Remember this, because this is in my mind this was the big telling thing of, okay, okay, you can argue all these other things you’re arguing, but your home IP address showed up this morning when your internet went out and came back on. And this is just as an investigator, this would be like the golden nugget,
[00:29:26] Seth: right?
[00:29:26] And there was still some theft, right? There was over 150 repositories that he was able to copy. So he was still extremely successful in what he was trying to accomplish.
[00:29:36] Keith: To give you an idea, we say stealing their shit, a repository could have unlimited amount of shit in it.
[00:29:43] You can put terabytes into that repository, which terabytes means, if I equated something, people know think high definition videos. You could pack that into these repositories. But it’s source code. It’s just text. It’s just
[00:29:58] Seth: it’s Could be monstrous. Could be monstrous. Yeah. Huge. And it’s a diagrams huge, huge amount of combin with the code.
[00:30:03] That can be extremely valuable cuz somebody could essentially recreate that without having done any of the r and d to get there. Yeah. Okay, so let’s move forward four days. Now we are in December 26th, right? Sharp tries to cover his tracks. So we know he used Surfshark to access the AWS repositories and apply one day log retention.
[00:30:27] So that means that anybody’s looking at the logs, or only gonna go back 24 hours, right? And anything other than what would be deleted by AW s every day. So that’s what he tried to do.
[00:30:39] Keith: And if you’re a layman and you’re going, what the hell does this mean? I really wanna understand this. Let me give you a real quick Tencent tour because this is important.
[00:30:50] Companies typically don’t hold onto logs forever because it costs money. So there’s this thing that’s called log retention policy. So they only keep it for X amount of time. Usually. It’s usually either X amount of time or X amount of size. What Sharp did, is he used this facility that is usually used for good, meaning get rid of old logs because I don’t need ’em anymore because, and I don’t wanna pay to have him around anymore.
[00:31:16] He switched it to one day. So basically it chopped off any logs that they would normally use for an investigative purpose in an incident like this. And he just used their own system against them. And now, there are missing logs. Yeah. At the end of the day, there are
[00:31:29] Seth: missing logs. Keep in mind a couple things here though, right?
[00:31:32] A let’s assume an average corporate length of time of a log would probably be around 30 days, right? Yeah. The switch from a 30 day log to a one day log would be logged. Okay. And yeah, if I was looking at it, it’s first thing I’d wanna know is what did the logs show? And if it’s oh, actually the logs, we don’t have them because, they were deleted, I’d say, wait a second, what’s our log retention?
[00:31:54] Well, 30 days. Why does it say one day? Someone must have changed it. Oh, who did that? And when did they do it? There would be a log of that too. This is why computer crimes are so great, because unless somebody is really, really thorough and there’s levels of people that are doing that there’s usually a breadcrumb or something along those lines.
[00:32:11] So similar, we talked about financial crimes, follow the money, computer crimes, follow the logs.
[00:32:17] Keith: Now I’m gonna pause here for one second and make something very clear. No one at this point in the story chronologically, no one knows that blip that we just talked about on his VPN happened that night.
[00:32:30] So still at this point in the story, Sharp is pretending it’s not him that’s doing what Ubiquiti is about to find out happened to them. So keep that in mind even though we explained something that this investigative thing that happened a couple days ago, nobody knows about it at this point. It happens later on and they, when they start doing the investigations that Seth is talking about here,
Ubiquiti Detects The Incident
[00:32:52] Seth: Okay, so two days later on the 28th of December, Ubiquiti and their security team detects the incident.
[00:33:02] So there are other employees, probably their security operations center or somebody in their security world, detected what happened. So Sharp joined a team working to assess the scope of damage from the incident, which is really creepy if you think about it, right? And when the team found inbound connections coming from Surfshark Sharp pretended to not use the vpn.
[00:33:23] He’s I, I, I’ve never heard of it. I’ve n I don’t use that. So I found that to be an amusing scenario. So basically he was undercover. So
[00:33:32] Keith: when we go back and we said, why do we, why this case? And I said, insiders get me every time. It’s shit like this where it’s an insider and nobody knows it’s an insider.
[00:33:42] And that insider’s eh, yeah, I’m part of the security team too. I’m gonna go see what’s going on. And he’s seeing. Everything that they know that they’re investigating about him so he could try to throw ’em off his tracks. He knows how close they are and so forth. It’s just a absolutely mind-blowing.
[00:33:59] Seth: It is. So now let’s flash forward into after the holidays. It is now the first week of January, 2021. And keep in mind, we’re in the middle of Covid at this point, right? A ransom email comes through and the email was sent using an IP address from wait for it. Surfshark, VPN. And the author offered to return the stolen data and not publish or use it for 25 Bitcoins.
[00:34:25] So let’s pause on this. So what we’re talking about is we have 151 repositories of source code and related, very sensitive, very proprietary, very profitable information, right? So Ubiquiti’s worst nightmare would be suddenly somebody puts it out on the internet. It’d be like, the the recipe for Coca-Cola or KFC suddenly being put out there, in which case it can be cloned and anybody else can do it.
[00:34:47] And now, they don’t have a a lock on that specific, bit of the market and that’s why of course or stock could ended up dropping. And 25 Bitcoin. I don’t know what it was selling for at that time, but I think a single Bitcoin now is like $10,000 or something like that. So it’s a lot.
[00:35:01] So it was probably, what was that million? Yeah, so it was, it wasn’t nothing. The author of the email, we know it was Mr. Sharp. Mr. Sharp also offered to disclose his unblocked backdoor to Ubiquiti systems for another 25 Bitcoin. Keith, why don’t you tell us what an unblocked backdoor is?
[00:35:21] Keith: So basically what he’s saying, I’m gonna cut that in half real quick. Let’s talk about backdoor first. A backdoor into a network or a system is just a way for an attacker to access a system. So typically a backdoor will be like a malware program or something on a system that opens up something that somebody from the internet could access on it. Now the reason why I paused there is because another backdoor could be user credentials and you could log in like all the normal people, but you’re just using this backdoor set of user credentials to get into the network.
[00:35:59] And that’s actually a little more difficult, a little more scary because it’s a little more difficult to detect cuz it looks more normal than these malware programs. This, I don’t recall in the paperwork any technical details about his backdoor, but I will tell you that 50 Bitcoin, if you combine them at the time was approximately 1.9 million.
[00:36:22] I think he was basically aiming for a $2 million ransom, if I can read between the
[00:36:25] Seth: lines there. Yeah, that’s what I got to go with as well. Okay, Ubiquiti does not pay. They generally tell you if you ever have, are subject to a ransomware contact, the authorities don’t pay. But actually people do pay.
[00:36:37] You’d be surprised. Anyway, Ubiquiti doesn’t pay. And now we’re on January 9th and Mr. Sharp sends Ubiquiti a note that says, oh no, B T C as in no Bitcoin, no talk. We are done here. And the note included a link to some of the data Sharp had stolen. It was released publicly. So the worst case scenario for Ubiquiti did come to pass to some extent.
[00:37:01] And Ubiquiti fought to remove the data from where it was posted, which was a place called Keybase. That’s just another public repository for data source code rather, but that’s not important. So Ubiquiti got fucked here. Would you say? Dr. Jones?
[00:37:16] Keith: Yeah. Their shit was definitely out there.
[00:37:18] I don’t know it, I didn’t get the impression it was all of it, but I got the impression it was enough that it caused. They’re a publicly traded company and that caused issues.
[00:37:30] Seth: And keep in mind, anytime you talk about, the word risk comes up in security all the time. And I, you know, people are like risk of what?
[00:37:36] It’s not necessarily just risk of, losing money, it’s losing market share, it’s losing value of your stock. And this is a really good use case there. Ultimately it does come down to money. Okay, let’s move on. So
[00:37:51] Keith: 20 days later, Sharp then wipes his work laptop. Why? To cover his tracks.
[00:37:57] And you go, what the hell? If you’re not a computer person, you go, now what the hell is he talking about? Wiping his laptop. Okay, so in your laptop you have storage, right? You have your hard drive. If you were to store something on there and it’s unencrypted, and then you said, oh, I don’t want that on there, and you delete it.
[00:38:18] Computer forensic people, which are investigators that specialize in retrieving computer data, can go into a lot of different types of storage hard drives, and pull back deleted data. So with that background, wiping a laptop is basically going through the hard drive and writing something everywhere on a hard drive that could possibly be written, so that way if there’s any deleted data anywhere in there, you’ve overwritten it with something else.
[00:38:51] So that way it’s not easily recoverable. This is used to cover tracks. There’s typically only two uses for wiping. It’s either to cover your tracks or it’s to sanitize devices before you give up ownership of it. Like you wipe a phone or you wipe a laptop before you give it to a, another family member or something like that.
[00:39:15] Exactly. So if you see it, it’s, it’s, it’s never really in the middle. It’s like you were doing bad shit on your computer or you were giving it away. So in this case it was, he was doing bad shit on this computer.
[00:39:26] Seth: And I can tell you Jones and I are gonna be like-minded on this. Unfortunately, that’s the worst case scenario for an investigator, because then usually it’s like having a crime scene literally hosed down with, with bleach and lime.
[00:39:37] Right. You lose, but you’ll know that that happened, right? So if somebody’s under investigation and then suddenly something is wiped, it’s usually an indication that they were trying to hide something. The odds of that are a are coincidence are extremely rare. Just keep that in mind. So let’s flash forward to we were in January, now we’re in mid late March of 2021, 3/24.
A Search Warrant
[00:40:00] Seth: A search warrant is served at Mr. Sharp’s house. So Sharp made some false statements here. He claimed he was not the perpetrator. He claimed he never used Surfshark, but when shown records of his Surfshark purchase, Sharp claimed someone else uses PayPal to use his Surfshark account. And let’s think about that logic for a second.
[00:40:19] Keith, what do you think about that?
[00:40:21] Keith: Yeah, so he’s saying someone else had to have access to his PayPal account and then used his PayPal account to buy Surfshark. And then I guess he’s implying that then that person used Surfshark to attack a company where he has access to. He worked right, but the, but most outsiders wouldn’t have access to, so it just doesn’t this, as an investigator, you’re like, what?
[00:40:50] Like someone broke into your PayPal bought Surfshark. It’s almost like he’s trying to say someone framed him, but he’s doing a really bad job at it. Yeah,
[00:40:58] Seth: agreed. Okay. So a couple days after the search warrant, sharp tries to plant false articles with reporters such as Krebs on security. And as a side note, we mentioned this earlier as Krebs being a victim here, Ubiquiti ended up suing Krebs and demanding a retraction of his story.
[00:41:17] So Sharp tried to be an anonymous source here within Ubiquiti, and claimed an outside hacker must have broken in and gained root access. Keith, tell us what root access is.
[00:41:28] Keith: Sure. So Root is the name of the administrator on Unix systems. Or you may have heard Linux Systems. It’s the same classification of systems where as the administrator, literally the name is r o o t root, and that person has all keys to the kingdom.
[00:41:49] They can wipe out that system. They can do anything to that system. Now what if you’re, if you’re from the Windows world, think administrator, the administrator account, this is the same thing as the root account in Unix world. So what happened was sharp was saying that someone broke in, or as an anonymous source, and I’m using my air quotes there, he’s saying someone broke into Ubiquiti.
[00:42:17] It was a hacker outsider, not an insider, and they gained root access, meaning they had keys to the kingdom. So these news articles, Ubiquiti is a publicly traded company. So these news articles caused Ubiquiti’s stock price to plummet by 20%. And I was like, wow, I wonder how much 20% is, and I went and researched a couple articles quite a bit.
[00:42:39] It was four fucking billion dollars to Ubiquiti. So it was a big deal, right?
[00:42:45] Seth: Imagine big deal. You’re deal. So imagine you’re like a regular Joe employee who worked at Ubiquiti, not even an executive, and you have all your kids, college funds tied up in Ubiquiti stock. You’re gonna be really upset and rightfully. So, what happened next, Keith?
Sharp Is Indicted
[00:43:01] Keith: November 18th, finally there was an indictment. This is of year 2021. There were four counts to it. There was computer fraud and abuse, intentionally damaging protected computer. That was count one. Count two was transmission of interstate communications with intent to extort.
[00:43:17] Just read that as extortion. The third count is wire fraud, which you typically see on any of these computer crime cases because things go across the internet. And then count four is making false statements because during the search warrant, Sharp told investigators he never used Surfshark VPN and couldn’t be him and all this other stuff.
[00:43:36] So that was a whole separate count that he got
[00:43:39] Seth: charged for. And again, this is one of those situations where not quite saying that the coverup was worse than the crime, but the coverup was certainly just as bad as the crime here.
Sharp Pleads Guilty
[00:43:49] Seth: Couple years have passed now, right? We were in 21, now we’re in 23.
[00:43:54] Finally, I guess after a long investigative process Sharp did plead guilty and he pled guilty to three counts. One count of computer fraud and abuse, specifically intentionally damaging protected computers. That’s the wiping of his machine. The count three of wire fraud and then count four of making false state.
[00:44:12] I think the wire fraud was probably for Keith, what do you think, was it for posting the actual data online or would it be for the ransomware?
[00:44:22] Keith: I forget which it is. They usually go through and they talk about all the points to which wire fraud it is. Yeah, it I can’t remember offhand the one he did not plead guilty to though.
[00:44:33] So he plead. There were four counts. He pled guilty to three of them, and then one of ’em he did not plead guilty to. And so if you see the one that he did not plead guilty to, that was extortion. I was curious, so I thought I’d tell you. Yeah.
[00:44:45] Seth: Got it. Okay. So this is where it gets on the concluding side fairly interesting.
Sharp’s Sentencing
[00:44:50] Seth: So during his sentencing, which was later in the year and the end of April, this is a month ago that we got a sentencing letter from Mr. Sharp. So he sends a letter to the court. I think it’s worth, we re we read it here in its entirety because it’s very telling. Yeah. And very interesting. Maybe we’ll trade paragraphs, Keith.
[00:45:08] It starts, or as my favorite, Casey Kasim, joke goes and he writes, your Honor, it is important that I address the question of why I committed these acts. This is a question that haunts me and one that I do not fail to ask at least daily. Answering this question has led me through some serious introspection.
[00:45:28] Keith: Towards the end of 2020, I became obsessed with the concept of protecting the company from the consequences of its history of ignoring security issues. And I’m gonna pause to tell you, we’re not gonna pause. Let’s just read this thing because it just, it goes on from here. But immediately I started re this, that sentence was the reason why I included this letter in this episode.
[00:45:49] So he says, my assigned mandate from the founder and c e o Robert was to be the one looking out for the quote unquote defense of the company. Yet he was consistently preventing us from doing so. I foolishly determined to run an unsanctioned, quote unquote security drill in order to force the company to resolve outstanding issues.
[00:46:16] Seth: From this absurd point of view, it was a highly effective endeavor. That’s what we call a humble brag. My colleagues and I found and fixed many hundreds of issues in the following weeks. We rotated all exposed credentials. We secured our logging infrastructure. We enhanced our audit trail around administrative actions, and we found and blocked two additional, completely unrelated attackers who had been stealing company code.
[00:46:40] We secured our cloud and server infrastructure and routed server access keys that had been outstanding since 2014. Sounds like a list of wins that the group did at the end of the year.
[00:46:51] Keith: However, this was an unsanctioned exercise. It was not my place to force this issue in this fashion. My mandate was made unachievable due to the CEO’s prioritization, and I should have respectfully stayed within the parameters of my duties.
[00:47:09] Seth: Yeah. This was not an act of malice nor an act of greed. It was an idiotic expression of idealism in a vacuum, a tragic decision that I regret to my core. Yes, Ubiquiti’s customers and engineers deserve security and the ability to follow standards. Yet, in no way should I have taken this action.
[00:47:28] Keith: I am deeply ashamed and sorrowful.
[00:47:31] I let the worst parts of my mind make a decision which has caused harm to many. I apologize to my colleagues who suffered unnecessary stress and unplanned work. I apologize to my family who suffered and continued to suffer significant change in lifestyle as I threw away my entire career over a misguided ideal.
[00:47:51] I apologized to the company, by way of Robert. It was not my place to force your hand. I was instead trying to point out weaknesses in our infrastructure.
[00:48:01] Seth: And to Ubiquiti’s customers. I likewise apologize if you lost confidence in the company. I caused a scare instead of a celebration over a successful security review and audit.
[00:48:12] I wish to be useful to my family. Due to my idiocy, my spouse now has to leave the house at 5:00 AM but doesn’t get back most days until 6:00 PM. I wake my children. I ensure they are fed. I monitor their homeschooling, correcting their work, dictating lessons. I work with them on their household chores.
[00:48:28] Then in the afternoons and weekends, I work whatever, and however I can, fencing, construction, contracting, anything to help backfill the wage disparity I’ve brought upon my family.
[00:48:40] Keith: I will pay every penny of my restitution. It is the least that I can do. My sincerest apologies to everybody at Ubiquiti, Nickolas Sharp.
[00:48:49] Seth: So let’s break that down to you.
[00:48:50] Keith: Whoa. Let’s break it down. Whoa. Holy shit. Lemme just
[00:48:54] Seth: come at you for from the legal perspective, I’m assuming his attorney suggested strongly that he sent a letter throwing himself on the mercy of the court in an effort to gain leniency and I sentencing makes sense.
[00:49:06] And he was basically saying, Hey, hey, hey. I was so idealistic in my need to be a security professional. I felt like the company wasn’t listening to me. I had to teach the listen. And that’s, I think, the way he was going with it. The problem with that argument though is, and we can’t prove this, he also wanted money.
[00:49:31] And that’s an important part of this. Yeah.
[00:49:36] Keith: And there’s so many other reasons. So my eyes picked up on one thing where he said, my colleagues and I worked on this. And it’s I don’t think your colleagues really knew anything until like later on. It’s not like they knew anything about this.
[00:49:51] He was making the argument security assessment that you were doing. So it right there, the argument that sounded like a lie,
[00:49:57] Seth: that all the really, really positive outcomes of the security strengthening and hardening that they had was really a direct result here, which is really what he wanted. And I think that’s utter bullshit.
[00:50:10] Keith: Yeah, cuz why? Why Surfshark vpn? Why? If you could just do it an assessment, why Surfshark VPN. Okay. If that’s outta the picture, then why lie about using a vpn? Let’s say you did, if you were a security assessment and you didn’t want it to come from your home and use vpn, why did just say so?
[00:50:27] Why lie about it? He lied about it. Why? Why go and get Brian Krebs in trouble and pretend there’s this whistleblower stuff that doesn’t fall into that either. Like that. There’s nothing in that picture that falls in there. Why? And like Seth said. Why the ransom? And then at the end of the goddamn day, why publish the stolen data if it’s just a security assessment, go at the end.
[00:50:50] Go, Hey, I could have published your data. But he actually published their data. So there’s so many. I read that whole letter and I’m like, I really, really, really hope the judge doesn’t buy this because as a technical person, I don’t buy any of this. Yeah.
[00:51:05] Seth: The judge didn’t buy it. And let’s talk about what Mr. Sharp got as a sentencing. So he was sentenced to basically two different counts, two different sets of one is a 72 month sentencing, so that’s six years on counts one and three, and then an additional 60 months on count four. But they ran concurrently. So essentially he’s gonna do probably six year sentence.
[00:51:30] I probably, they usually deal with, half of that. But he got six years. And then on top of that, upon release, he’s gotta have three years of supervised release and there’s also special conditions. Keith, tell us about his special conditions.
[00:51:43] Keith: Yeah, so I’m trying to pop these in here cuz they just have been interest to us in the last few episodes.
[00:51:47] Some of these special conditions. So a lot of times there are mandatory conditions, which are everybody has, and then there are special conditions based upon your scenario. So I thought some of these were interesting. A lot of ’em are you, no-brainers like probation officer can have access to any request of financial information.
[00:52:05] But like number two on here, you must not incur new credit charges or open additional lines of credit without the approval of probation officer unless you’re in compliance with the installment payment schedule. I don’t see that a lot on these special conditions. I was like, wow, that’s interesting.
[00:52:19] Another one was if you are associating with somebody that the probation office thinks you might be a danger to. We have the right to tell you that you can’t talk to them anymore is basically how I read it. Yeah, that’s how I read it too.
[00:52:37] I was like, holy shit, I don’t see that very often either. So that was pretty interesting.
[00:52:41] Usually we look for like mental health treatment, drugs or anything like that. I didn’t see that in this case.
[00:52:46] Seth: Yeah. And then some restitution he had to pay back almost 1.6 million.
[00:52:51] I dunno how he’s gonna do that while he continues to feed his family and work construction jobs. But, then again, if he is
[00:52:57] Keith: an ex, he can’t open a line of credit either until he starts paying on this thing according to the last
[00:53:03] Seth: thing. Yeah. He’s gonna have to get hired by, a company that’s willing to overlook his criminal background and hire him for his specific technical skills and probably watch him like a hawk to boot.
Conclusions
[00:53:13] Seth: So Keith, in conclusion, what did we learn here?
[00:53:18] Keith: My first top bullet on this is an insider can make the shit hit the fan really fast and really bad because they have keys to the kingdom because that’s their job. That’s what you usually pay them to do. They can cover up their tracks a lot of this guy was a security person, so security people have access to logs.
[00:53:40] They understand how logs work, they know how to go change log retention policies like Sharp did. And then when you’re investigating, if you don’t know you’re investigating that person, they could be on the team you’re investigating with, which is just a cra like, that’s such a mind fuck that you’re, I you’re sitting next to the person that you’re investigating.
[00:54:00] And then later on you gotta be like, you. You gotta imagine like his coworkers and stuff when they found out it was him later on, they’re like, . Sharp. Sharp. Fuck you Sharp. It’s you were right next to me the whole time.
[00:54:12] Seth: God damn it. Yeah. We, this was a low tech crime. Basically there was just copying data from the cloud over a vpn. Now I will say this, I do wonder, and maybe this was the point, that Ubiquiti, even though this guy was a key to the kingdom, super insider, there should have been better controls here. All right? Data loss prevention is never supposed to be the primary control.
[00:54:33] That is the proverbial cart, not the horse. I tell this to my own colleagues internally. So that is to be said. Now that being said, that may be what his point was, which was I do think there was an element of truth to his letter, which was, Hey, I was frustrated with our company’s lack of taking security seriously.
[00:54:53] So he knew that there were clear vulnerabilities and he exploited them. I don’t think he exploited them out of idealistic views. I think he exploited them because he figured he could make money on it. But I do think it was probably a mix of also just being annoyed that nobody was listening to him.
[00:55:08] Yeah, the but let’s be clear here. This was not a particularly high tech crime. He wasn’t exercising his his software engineering brain here.
[00:55:17] Keith: Yeah. And I’ll, we’ve actually covered most of my other notes on this conclusion, Seth, which is this first of all, 20% stock dip 4 billion.
[00:55:27] That to me, I was like, wow. Oh my God. And like I said, said, it’s a good
[00:55:30] Seth: news case, right? It shows as you said, when the shit hits the fan, it really hits. This is Hey, he actually published something. So arguably, that that data now is no longer valuable to Ubiquiti, cuz now everyone can access it.
[00:55:43] So if that’s worth 4 billion, he costs them 4 billion. Imagine if somebody stole 4 billion from me, you’d be pretty upset. So I think that that cannot be understated.
[00:55:54] Keith: Yeah. And now after you’ve heard his crime, this is why I was surprised that Sharp had employment immediately after Ubiquiti cuz things were public in the news.
[00:56:03] And it looked like he had technical employment immediately afterwards. And then it looked like his court case took off and then you saw there was no activity on LinkedIn I showed you. And then it looks like he’s consulting for himself now, which means he’s in prison. Which the last two bullet points, if you get anything from this and you’re like, I didn’t understand any of the technical stuff, just know that in the technical world, when you have an insider go bad, it goes really, really bad.
[00:56:34] And it doesn’t have to be technical like Seth talked about earlier. This is the equivalent of just drag and drop, copy and paste. It’s a little more technical than that, but the not much equivalent. And look at what happened. So if it was an external attacker, they would have to jump through so many more hurdles to get through your firewalls and all these other places, these insiders, boom, they have the keys, they can access, they can drop the log retention. So it’s difficult to defend against them. And it’s also difficult to detect them because when they do it, they typically look like they’re doing normal stuff in their work, unless they’re just deleting mass amount of data.
[00:57:16] And I, I did do an investigation one time where it was deletion of thousands of servers. In that case, they knew it right away. But in most cases when insiders go bad, it’s hard to detect because they’re accessing all these systems and not deleting data. And you just, you have to have a good plan like Seth talked about, in order to detect them going bad because they just already have access.
[00:57:41] Seth: Yeah, and it, we can have a separate conversation, maybe a separate episode on this. It becomes a bit of a tension between how much can you monitor your employee’s activity without ethically or legally violating some serious issues laws. A as well as, I think the other side of this thing is you have an inside threat and an external threat, but I’d say the bulk of external threats get in because of the insider threat.
[00:58:05] So you’re talking, you’re, you’re malware, you’re vishing, you’re phishing, right? Social engineering, your weak point is still your insider, right? People can break into your network via brute forest, and we can have a separate conversation about what that means, but odds are it’s a human error, insider, or bad judgment or bad actor.
[00:58:23] And that’s why I find the insider threat world to be so fascinating and I’m really excited to still be in it. Keith, that’s all I got for this episode. You wanna close us out here?
How To Reach Us
[00:58:32] Keith: Sure thing. So go to our website. That’s it. If you’re gonna do one thing, go to our website, eCrimeBytes, E C R I M E B Y, as in yellow milk, t e s.com.
[00:58:46] And if you’re on your phone, there’s a little like three lines. If you click on that little hamburger looking thing, it’ll pop down all our social media. You got our glossary in there that we talked about. If you’re on a computer, you don’t have to click on that. You just look at the top bar and all that stuff’s up there for you.
[00:59:04] Now, why am I telling you this? First of all, feel free to communicate with us on social media. I love it when people say, Hey, I enjoyed that episode. Or, Hey, can you talk more about this or that? And we try to do that if you guys like to
[00:59:16] Seth: Sometimes. Sometimes, sometimes people know the subjects we’re talking about and literally in terms of they know the people, which is always interesting.
[00:59:22] Yeah, yeah,
[00:59:24] Keith: yeah. And that’s been interesting. But one big new change that I’m been trying to do, and I’m gonna continue to try to do it, is putting a actual transcript of what Seth and I say up there as well for accessibility purposes. So with a lot of these episodes and so forth, if you see me link to like a blog article or something like that and you wanna read what we’re saying, instead of listening to us on your podcasting app or watching us on YouTube or something like that, you can actually go and read it now too.
[00:59:54] And I go through it personally and try to make it as correct as I can with the time that allows. So it’s like I try to correct all the names and so it’s really like you’re watching us and then I take that and now put it on our YouTube caption, so it’s even more correct when you watch it. Hopefully.
[01:00:11] Hopefully. Yep. So with that, I hope you go over there and check all that stuff out cause I’ve been working really hard at it. I hope to see you on our next one. Thanks. Bye. Take care.
[01:00:21] Seth: All.
[01:00:22]
#ecrimebytes #electronic #truecrime #podcast #sharp #ubiquiti #data #theft #ransom #humor #funny #comedy
Leave a Reply