The curious case of the Ubiquiti employee-whistleblower-hacker
Full stack cybercriminal: Employee, hacker, whistleblower, extortionist
Who is Nikolas Sharp?
Sharp was a cloud lead at Ubiquiti Networks from August 2018 to March 2021, according to his LinkedIn profile. Prior to this, he worked at companies like Amazon and Nike.
What was the big Ubiquiti security incident?
In January 2021, the company sent an email to its customers saying that an attacker had gained access to its systems hosted on third-party services, such as AWS, and that some customer data, including names, email addresses, postal addresses, and phone numbers, may have been exposed. The company, which makes Wi-Fi mesh gear and access points primarily for enterprise customers, said it wasn't aware of any malicious activity on any user's account.
At the time of this disclosure, the company didn't know the attacker's identity. The twist is that Sharp himself was part of the team investigating the scope of the incident.
What did Sharp actually do?
As a cloud lead, Sharp held credentials that gave him access to the company's AWS accounts and GitHub repositories. On December 10, 2020, he logged into the company's AWS account while hiding his identity, and a few days later he accessed the company's GitHub account the same way.
How did he get caught?
To mask his identity, Sharp had purchased a Surfshark VPN subscription. Court documents indicate that he used the service on multiple devices.
While he was cloning repositories from the company's GitHub account, the power went out at his house. When his connection came back up, the VPN was not yet active, so GitHub logged his real home IP address.
That IP address was spotted later during the investigation. In March 2021, the FBI executed a search warrant at Sharp's home and seized his electronics.
The whistleblowing
While the FBI investigation was ongoing, Sharp allegedly reached out to news organizations as a whistleblower. He told them that Ubiquiti had downplayed the scope and impact of the breach. He also claimed that the company had failed to keep records of which accounts were accessing the sensitive data. Sharp's claims were widely reported at the time.
Ironically, that gap in the records was partly his own doing: to cover his tracks, Sharp had altered the retention settings on the company's AWS logs so that entries were deleted after one day, leaving no trace of activity on the account for more than a day.
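Shortening log retention is a cheap way to erase audit trails, and it is also cheap to detect, because the retention change is itself an API call that CloudTrail records. The script below is an added example, not code from the article or from Ubiquiti; it scans CloudTrail-style records for events that stop, delete, or shorten AWS audit logging (a lifecycle rule that expires the trail's S3 objects after a day, a CloudWatch Logs retention policy of a few days, or StopLogging and DeleteTrail calls). The three records are constructed for illustration; their field names follow CloudTrail's documented JSON layout, but the account, bucket, role, and IP values are made up.

```python
"""Flag CloudTrail events that disable or shorten AWS audit logging.

Added example (not from the article). Record layout mirrors CloudTrail's
JSON fields (eventName, eventSource, requestParameters, userIdentity,
sourceIPAddress); every record in SAMPLE_RECORDS is constructed.
"""
from typing import Any, Dict, Iterable, List

# Management events on the trail itself that stop or weaken logging.
TRAIL_KILL_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def _rules(lifecycle: Dict[str, Any]) -> List[Dict[str, Any]]:
    """S3 lifecycle 'Rule' is a dict for one rule and a list for several."""
    rule = lifecycle.get("Rule", [])
    return rule if isinstance(rule, list) else [rule]


def find_log_tampering(records: Iterable[Dict[str, Any]], max_days: int = 30) -> List[Dict[str, Any]]:
    """Return one finding per record that kills logging or sets retention <= max_days."""
    findings = []
    for rec in records:
        name = rec.get("eventName", "")
        source = rec.get("eventSource", "")
        params = rec.get("requestParameters") or {}
        reason = None

        if source == "cloudtrail.amazonaws.com" and name in TRAIL_KILL_EVENTS:
            reason = f"{name} on trail {params.get('name', '?')}"

        elif source == "s3.amazonaws.com" and name == "PutBucketLifecycle":
            # Expiration.Days on an enabled rule: objects (log files) are deleted after that many days.
            for rule in _rules(params.get("LifecycleConfiguration", {})):
                days = rule.get("Expiration", {}).get("Days")
                if rule.get("Status") == "Enabled" and days is not None and days <= max_days:
                    reason = f"lifecycle on bucket {params.get('bucketName', '?')} expires objects after {days} day(s)"

        elif source == "logs.amazonaws.com" and name in ("PutRetentionPolicy", "DeleteLogGroup"):
            days = params.get("retentionInDays")
            if name == "DeleteLogGroup" or (days is not None and days <= max_days):
                reason = f"{name} on log group {params.get('logGroupName', '?')} (retention {days})"

        if reason:
            findings.append({
                "time": rec.get("eventTime"),
                "actor": rec.get("userIdentity", {}).get("arn", "?"),
                "ip": rec.get("sourceIPAddress", "?"),
                "reason": reason,
            })
    return findings


# Constructed records: one one-day lifecycle rule, one StopLogging, one benign upload.
SAMPLE_RECORDS = [
    {
        "eventTime": "2020-12-10T03:14:07Z", "eventSource": "s3.amazonaws.com",
        "eventName": "PutBucketLifecycle", "sourceIPAddress": "198.51.100.23",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/cloud-admin"},
        "requestParameters": {
            "bucketName": "example-cloudtrail-logs",
            "LifecycleConfiguration": {"Rule": {"ID": "expire", "Status": "Enabled",
                                                "Expiration": {"Days": 1}}},
        },
    },
    {
        "eventTime": "2020-12-10T03:15:30Z", "eventSource": "cloudtrail.amazonaws.com",
        "eventName": "StopLogging", "sourceIPAddress": "198.51.100.23",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/cloud-admin"},
        "requestParameters": {"name": "example-org-trail"},
    },
    {
        "eventTime": "2020-12-10T04:00:00Z", "eventSource": "s3.amazonaws.com",
        "eventName": "PutObject", "sourceIPAddress": "203.0.113.9",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:role/ci-deploy"},
        "requestParameters": {"bucketName": "example-artifacts", "key": "build.tgz"},
    },
]

if __name__ == "__main__":
    for f in find_log_tampering(SAMPLE_RECORDS):
        print(f"{f['time']} {f['actor']} from {f['ip']}: {f['reason']}")
```

Running it flags the first two records and ignores the upload. In practice the point is to ship these findings somewhere the same credentials cannot reach: a trail delivered to a separate, write-only logging account, with log file validation enabled, survives a retention change made in the workload account.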
So what next?
Sharp faces four charges, including computer hacking, wire fraud, and extortion, and could spend up to 37 years in prison if convicted on all counts. So, who's making the podcast or the limited series?
Story by Ivan Mehta
Ivan covers Big Tech, India, policy, AI, security, platforms, and apps for TNW. That's one heck of a mixed bag. He likes to say "Bleh."