
The hack at Ubiquiti may have been an internal affair

An indictment from the Department of Justice suggests that the Ubiquiti hack reported in January and the subsequent allegations of a cover-up were the work of someone who was an employee of the company at the time. The DOJ claims that Nickolas Sharp, 36, was arrested Wednesday on charges of using his employee credentials to download confidential data and sending anonymous demands to the company he worked for, pretending to be a hacker in a bid to ransom 50 Bitcoin.



The indictment does not specifically name Ubiquiti; it simply refers to "Company-1". However, all the elements fit. In January, Ubiquiti sent an email to users saying that an unauthorized person had accessed "its information systems hosted by a third party cloud provider". In March, someone claiming to be a whistleblower described the incident as "catastrophic", claiming that the company could not determine the full extent of the attack because it did not keep logs and that the attacker had access to Ubiquiti's Amazon Web Services (AWS) accounts.

The indictment states that the company is based in New York, where Ubiquiti is based, and says that the company's share price fell by about 20 percent between March 30 and March 31 after news of the incident broke. According to Yahoo Finance, Ubiquiti shares were worth $376.78 on March 29 and had fallen to $298.30 by March 31.

Perhaps most notable is the allegation that Sharp posed as a whistleblower to the media in late March 2021, at the same time that a whistleblower accused Ubiquiti of covering up the seriousness of the data breach despite the company's denial that user data was targeted. We also saw a LinkedIn profile that appears to belong to Sharp and shows him working for Ubiquiti during the time mentioned in the indictment.


The DOJ alleges that Sharp accessed the company's Amazon Web Services and GitHub accounts after applying for a job with another company in December 2020. The indictment says another employee discovered the breach days after Sharp downloaded "gigabytes" of confidential data and implemented AWS policies. Sharp reportedly joined the response team investigating the incident, and the Department of Justice says he used this to try to avoid suspicion.


According to the indictment, Sharp sent an anonymous ransom email promising not to publish the data and to help the company fix a backdoor if 50 Bitcoin was paid by January 10, 2021. The DOJ claims that Sharp published some of the stolen data when the company did not pay the ransom.

The Department of Justice says it was able to locate Sharp due to a minor technical error. Sharp allegedly used the SurfShark VPN to hide his identity when downloading data and sending emails, but for a moment his real IP address was exposed and recorded in a connection to the company's GitHub. According to the Department of Justice, this happened when the internet connection at Sharp's home was cut off and then resumed.


According to the indictment, this eventually led the FBI to execute a search warrant at Sharp's home, where he denied using SurfShark and said someone else had used his PayPal account to purchase the subscription.

If Sharp is found guilty and the Justice Department can prove that the incident unfolded as described in the indictment, it will certainly shed new light on reports of the Ubiquiti hack. The indictment alleges that Sharp launched the attack using the credentials given to him to do his job. In March, Ubiquiti insisted in a statement that the intruders did not have access to customer data, which does not appear to contradict the information now coming to light.

Absent Mia