IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Ubiquiti data breach orchestrated by “trusted insider”, says DoJ

Software engineer Nickolas Sharp faces 37 years in prison for allegedly exploiting his access credentials to extort his employer

A cyber attack on Ubiquiti Networks, first reported earlier this year, was allegedly orchestrated by a former employee of the Internet of things (IoT) manufacturer.

This is according to an indictment released by the US Department of Justice (DoJ), which names software engineer Nickolas Sharp as being the “trusted insider” behind the January attack.

Sharp is accused of having taken advantage of his authorised, Cloud Lead access to Ubiquiti’s Amazon Web Services (AWS) and GitHub servers in order to obtain gigabytes of confidential data, masking his identity with a Surfshark VPN.

Posing as an anonymous hacker, it's believed he then contacted his employer demanding a ransom of 50 Bitcoin, which at the time was worth close to $2 million. When Ubiquiti refused to engage, Sharp allegedly released a portion of the stolen data “on a publicly accessible online platform”, which had not been named by the DoJ.

It's also alleged he then posed as a whistleblower to the media in order to accuse Ubiquiti of allegedly downplaying the severity of the breach.

Ubiquiti customers were warned in January to change their passwords after the company discovered an intruder had accessed corporate systems hosted on AWS, although information on the hack was limited at the time.

Related Resource

The Okta digital trust index

Exploring the human edge of trust

Woman types on a laptop, image is faded purple with title text beside it on white backgroundFree download

Sharp was arrested on Wednesday in the US state of Oregon, where he resides. Although the indictment uses the term “Company-1” instead of outright naming Ubiquiti as the victim, all the details of the data breach point towards the company.

Moreover, Sharp lists Ubiquiti as his employer at the time of the attack on his LinkedIn profile, having left the company in March 2021 to pursue a senior staff software engineer role at fleet management solutions provider Lytx.

His plot was uncovered when a temporary internet outage during the data exfiltration process unveiled Sharp’s home IP address, according to the indictment.

Commenting on the news, US attorney Damian Williams said that Sharp faces “serious federal charges”, which include ​​transmitting a programme to a protected computer that intentionally caused damage, transmission of an interstate threat, wire fraud, and making false statements to the FBI. With the four charges combined, Sharp could face up to 37 years in prison.

FBI assistant director Michael J. Driscoll said that the agency alleges that Sharp “created a twisted plot to extort the company he worked for by using its technology and data against it”.

“Mr. Sharp may have believed he was smart enough to pull off his plan, but a simple technical glitch ended his dreams of striking it rich,” he added.

Ubiquiti representatives were not immediately available for comment.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022
Dell Technologies World 2022: Dell unveils security offerings for major cloud providers
public cloud

Dell Technologies World 2022: Dell unveils security offerings for major cloud providers

3 May 2022
How do you become an ethical hacker?
ethical hacking

How do you become an ethical hacker?

29 Apr 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022