Former Ubiquiti employee charged with hacking and extorting company - Got caught when VPN connection dropped during attempt, caused shares to drop 20%


chiobu

kiwifarms.net

Former Ubiquiti employee charged with hacking and extorting company

  • US authorities arrest and charge Nickolas Sharp, 36, from Portland, with hacking Ubiquiti Networks in December 2020.
  • Sharp worked as a software developer in Ubiquiti's Cloud division from 2018 to 2021.
  • He used work AWS and GitHub credentials to access the company's network and download gigabytes of proprietary data.
  • He tried to extort the company for 50 BTC ($2 million) in January 2021 in exchange for the stolen data and details about backdoors and vulnerabilities used in the hack.
An Oregon man and a former employee of Ubiquiti Networks was arrested and charged today with hacking the company’s servers, stealing gigabytes of information, and then attempting to extort his employer for $2 million when Ubiquiti began investigating the breach.

The suspect, arraigned in a courtroom earlier today, was identified as Nickolas Sharp, 36, from Portland, Oregon, where he previously worked as a software engineer in Ubiquiti’s Cloud division from August 2018 to March 2021.

Full Article:
Law enforcement eventually identified Sharp as the hacker after linking the attacker’s VPN connection to a Surfshark account purchased with Sharp’s PayPal account. In addition, the VPN connection also failed during the intrusion, temporarily exposing the attacker’s real IP address, which authorities also linked to Sharp.
Wow, this is like the opposite of an ad for Surfshark. Imagine jumping through all these convoluted loops and then using a YouTube VPN for your "security" during a $2M extortion attempt. Just incredible.
 
1. LMAO fucking dumbass. Should have just grinded Leetcode and got a better paying job. Based on his LinkedIn he probably could have used the practice, lots of bouncing around between different roles and not really lasting anywhere isn't a good sign.

2. What kind of two-bit operation allows access to company resources without Single Sign-On and logging into a company VPN with 2FA, with auditable records of every session? I can't trust Ubiquiti after this. If they are this lax about their own security then why should I trust the security of the devices they sell?
 
2. What kind of two-bit operation allows access to company resources without Single Sign-On and logging into a company VPN with 2FA, with auditable records of every session? I can't trust Ubiquiti after this. If they are this lax about their own security then why should I trust the security of the devices they sell?
Per the top comment on this Hacker News topic, the sort of guy who maneuvered his way into control over those policies:
ex_ubiquiti

Ex-Ubiquiti employee here. Nick Sharp wasn't just a senior software engineer. He was the Cloud Lead and ran the whole cloud team. His LinkedIn profile will confirm it. This is why he had access to everything.

Nick had his hands in everything from GitHub to Slack and we could never understand why or how. He rose to power in the company by claiming to find a vulnerability that let him access the CEO's personal system, but nobody I spoke to ever knew what the vulnerability was. I discussed this with another ex-Ubiquiti person in an old thread [1]. Now I'm positive he faked the security issue as a power move, just as he faked this attack for extortion purposes.

He would also harass people and use his control over Slack and GitHub against the people he didn't like. Many people left around this time partially because Nick made everything so difficult at the company. What a terribly depressing series of events.

[1] https://news.ycombinator.com/item?id=26694945
 
Per the top comment on this Hacker News topic, the sort of guy who maneuvered his way into control over those policies:
According to the indictment he started the exfiltration of data on December 10th. It took until the 28th for others in the company to detect it. It says he did things like set log retention to one day. There's no excuse for that to have not been detected immediately. Nor is there any excuse for allowing that kind of unrestricted access to root admin accounts. It sounds like the company has very little institutional knowledge of cloud security and they decided to put all their trust in one highly questionable guy by giving him the keys to the kingdom.
 
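The post above argues that cutting log retention to one day should have tripped an alarm immediately. The script below is an added example (not code from the page, the indictment, or Ubiquiti) of what that alarm looks like: it scans CloudTrail records and flags the real CloudTrail and CloudWatch Logs API calls that weaken logging (PutRetentionPolicy with a short retention, StopLogging, DeleteTrail, DeleteLogGroup, and so on). The sample records, the account ID, the IP addresses, the log group names, and the 90-day threshold are all constructed for the demonstration.

```python
"""Flag CloudTrail records that weaken logging.

Added example. The eventSource/eventName pairs below are real AWS API names;
the sample records, ARNs, IPs, log group names and the retention threshold
are constructed for this demonstration, not taken from any real environment.
"""
import json

# Assumed policy: anything below this retention is suspicious.
MIN_RETENTION_DAYS = 90

# Calls that disable or destroy audit logging outright.
TAMPERING_EVENTS = {
    ("cloudtrail.amazonaws.com", "StopLogging"),
    ("cloudtrail.amazonaws.com", "DeleteTrail"),
    ("cloudtrail.amazonaws.com", "UpdateTrail"),
    ("logs.amazonaws.com", "DeleteLogGroup"),
    ("logs.amazonaws.com", "DeleteRetentionPolicy"),
}


def classify(event):
    """Return a one-line finding for a CloudTrail record, or None if benign."""
    src = event.get("eventSource")
    name = event.get("eventName")
    # requestParameters is null for some events, so normalise to a dict.
    params = event.get("requestParameters") or {}
    who = (event.get("userIdentity") or {}).get("arn", "?")
    ip = event.get("sourceIPAddress", "?")
    when = event.get("eventTime", "?")

    if (src, name) in TAMPERING_EVENTS:
        return f"{when} {name} by {who} from {ip}"

    # Shortening retention is the quieter version of the same attack:
    # the trail keeps running but evidence evaporates after N days.
    if src == "logs.amazonaws.com" and name == "PutRetentionPolicy":
        days = params.get("retentionInDays")
        if days is not None and days < MIN_RETENTION_DAYS:
            group = params.get("logGroupName", "?")
            return f"{when} retention cut to {days}d on {group} by {who} from {ip}"
    return None


def scan(records):
    """Run classify() over an iterable of records and keep the findings."""
    return [f for f in (classify(r) for r in records) if f]


def scan_cloudtrail_json(text):
    """Parse a CloudTrail log file ({"Records": [...]}) and return findings."""
    return scan(json.loads(text).get("Records", []))


# Constructed sample: one benign read, one retention cut, one StopLogging,
# one benign retention change. Account ID and IPs are documentation values.
SAMPLE_JSON = """{"Records": [
 {"eventTime": "2020-12-10T03:12:44Z", "eventSource": "logs.amazonaws.com",
  "eventName": "DescribeLogGroups", "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/cloud-admin"},
  "requestParameters": null},
 {"eventTime": "2020-12-10T03:13:02Z", "eventSource": "logs.amazonaws.com",
  "eventName": "PutRetentionPolicy", "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/cloud-admin"},
  "requestParameters": {"logGroupName": "/aws/cloudtrail/prod", "retentionInDays": 1}},
 {"eventTime": "2020-12-10T03:14:30Z", "eventSource": "cloudtrail.amazonaws.com",
  "eventName": "StopLogging", "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/cloud-admin"},
  "requestParameters": {"name": "org-trail"}},
 {"eventTime": "2020-12-11T09:00:00Z", "eventSource": "logs.amazonaws.com",
  "eventName": "PutRetentionPolicy", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:role/ci-deploy"},
  "requestParameters": {"logGroupName": "/app/dev", "retentionInDays": 365}}
]}"""


if __name__ == "__main__":
    for finding in scan_cloudtrail_json(SAMPLE_JSON):
        print("ALERT:", finding)
```

Two practical points. First, this check has to run on a copy of the log stream at ingestion time (for example the trail's S3 delivery or an exported SIEM feed); if the only place it runs is the CloudWatch log group whose retention was just cut, the evidence is gone before anyone looks. Second, the same few API names are the ones to lock behind a separate, non-delegated role with an SCP or deny policy, so that one "cloud lead" account cannot both own the data and erase the record of touching it.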
This was done at about the skill level I'd assume people working in such a company would have, so I can't say I'm surprised. What a way to throw your entire life away. Jeez.
In 2014, there were over 10,000 Ubiquiti Nano routers where, to access the BusyBox shell over SSH, the hardcoded root account was user:ubnt pass:ubnt.

I am not surprised at this.
 