Ex-Ubiquiti engineer behind “breathtaking” data theft gets 6-year prison term

[HandymanHandy]

 

 

Summary

An ex-Ubiquiti engineer, Nickolas Sharp, was sentenced to six years in prison yesterday after pleading guilty in a New York court to stealing tens of gigabytes of confidential data, demanding a $1.9 million ransom from his former employer, and then publishing the data publicly when his demands were refused.

 

Quotes

Quote

 

Sharp began working as a Ubiquiti senior software engineer and "Cloud Lead" in 2018, where he was paid $250,000 annually and had tasks including software development and cloud infrastructure security. About two years into the gig, Sharp purchased a VPN subscription to Surfshark in July 2020 and then seemingly began hunting for another job. By December 9, 2020, he'd lined up another job. The next day, he used his Ubiquiti security credentials to test his plan to copy data repositories while masking his IP address by using Surfshark.

 

Less than two weeks later, Sharp executed his plan, and he might have gotten away with it if not for a "slip-up" he never could have foreseen. While copying approximately 155 data repositories, an Internet outage temporarily disabled his VPN. When Internet service was restored, unbeknownst to Sharp, Ubiquiti logged his home IP address before the VPN tool could turn back on.

 

My thoughts

This was coming for him. More than this, he even tried to feed this fake breach info to Krebs on Security who wrote multiple articles defaming Ubiquiti causing their stock to tumble as per their own words. I remember this was discussed last year in WAN show when this came out, so I hope we get to see final thoughts of Linus and Luke on WAN show on this final news.

 

Sources

https://arstechnica.com/tech-policy/2023/05/ex-ubiquiti-engineer-behind-breathtaking-data-theft-gets-6-year-prison-term/

[AnonymousGuy]

Quote

When Internet service was restored, unbeknownst to Sharp, Ubiquiti logged his home IP address before the VPN tool could turn back on.

Lol what a newb:

 

That's what this button is for on my VPN so you don't leak your shit if it disconnects. 

[cmndr]

Ubiquiti isn't perfect as a company or a brand but... this guy... EUGH this guy. 

 

I prefer a less is more approach to criminal justice but I'm glad he's going to have time to think about why leaking million's of peoples' data is bad. 

[wanderingfool2]

Honestly this guy needs to get more than 6 years in prison otherwise it is just another case of being able to be rewarded for crimes.

 

Had his power not restarted he wouldn't have been caught and the damage to Ubiquiti would have been great.  Even now it's still quite great in that some people still believe Ubiquiti was actually breached (instead of a rogue employee)