The Department of Justice arrested a former Ubiquiti employee on Wednesday, claiming he stole confidential files and then extorted his company for almost $2 million. The saga continued as the employee, Nickolas Sharp, told news outlets that the company mishandled the leak, the DOJ reported, leading to a significant drop in share prices. The DOJ never names Ubiquiti, but the details in the indictment match the wireless tech company's security breach in January.
Ubiquiti alerted customers to the breach on Jan. 11, telling them an unauthorized person had access to some of its "information technology systems hosted by a third party cloud provider." The hijacker accessed servers that had data such as users' names, email addresses and passwords. In March, a supposed whistleblower inside the company told Brian Krebs the leak was "catastrophically worse than reported." According to the whistleblower, the hacker gained access to Ubiquiti's databases on AWS and the company lost control of its credentials. After the report, Ubiquiti's stock fell from $376.78 on March 29 to $298.30 on March 31.
The DOJ says in the indictment that the company's shares fell approximately 20% between March 30 and March 31. And it says the company is a New York-based tech company, matching Ubiquiti's description. According to the DOJ, Sharp was employed at the company from August 2018 through March 2021, matching up with a LinkedIn profile that appears to be Sharp.
The indictment reports that Sharp used administrative access in December 2020 to download confidential data, using a VPN to hide his IP address while he pulled from the company's AWS and GitHub databases. In January, he posed as an anonymous hacker and sent a ransom note for 50 bitcoin, at the time equivalent to around $1.9 million. In return, he promised the confidential information and knowledge of a vulnerability in the company's systems. When the company refused, Sharp published some of the stolen data publicly.
Sharp was discovered due to a brief internet outage in his home that caused his VPN to stop working, which revealed his IP address. The FBI searched his home, according to the DOJ, where he claimed innocence and said someone else must have bought the VPN from his PayPal account. Apparently, Sharp circulated false news reports as a whistleblower after the FBI visited his home and seized his devices.
The DOJ arrested Sharp in Portland, Oregon, and charged him on four counts: intentionally damaging a computer program, transmitting an interstate threat, wire fraud and lying to the FBI. If the DOJ proves its case, it remains to be seen why Sharp pursued such an intense vendetta, and what Ubiquiti will do to prevent insider attacks in the future.