If there were the title “Employee from Hell of the Year”, Nickolas Sharp, a former employee of Network device manufacturer Ubiquiti, would have deserved it. What he is supposed to have deducted from his employer is hard to believe.
Data theft, extortion, defamation – this brings together a lot
He is now in custody. Among other things, he is accused of data theft and attempted blackmailing of his employer. His criminal fantasy did not end there. What happened?
US Attorney Damian Williams sees it as proven that Nicolas Sharp gigabytes of confidential data from the AWS and Github – Stole infrastructure from Ubiquiti by using his credentials as a cloud administrator and cloning hundreds of GitHub repositories via SSH.
In doing so He faked a hacker attack and then sent his employer an anonymous ransom note. 50 Bitcoin, around 2 million US dollars at the time, was supposed to pay Ubiquiti to get the data back and information about an existing security gap. This is reported by Bleeping Computer.
Sharp was quickly targeted by the US Federal Police FBI, whereupon he turned to the media as an anonymous informant and the wrong one Alleged that the theft was committed by a hacker exploiting a vulnerability in the company’s computer system.
He also blamed Ubiquiti for this Downplaying the extent of the attack. This caused the network maker’s share price to drop about 20 percent, representing a loss of over $ 4 billion in market capitalization.
He tried to disguise his activities with various methods. So he used a VPN to access the company structure. In addition, he changed the logging strategy so that logs were deleted after just one day. Sharp wanted to ensure that no evidence would be available for later investigations.
Ubiquiti is not intimidated
Ubiquiti went with us The incident turned out differently than Sharp had expected. The company made the incident public, refused to pay the ransom, found and instead removed a second back door in its systems and changed all employee credentials.
In the wake of an Internet failure, Sharp’s IP address was ultimately determined. Now he is being charged on four counts. If convicted, he faces a maximum sentence of 37 years in prison.