Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Crime

Former Ubiquiti Employee Pleads Guilty To Attempted Extortion Scheme (theverge.com) 15

A former employee of network technology provider Ubiquiti pleaded guilty to multiple felony charges after posing as an anonymous hacker in an attempt to extort almost $2 million worth of cryptocurrency while employed at the company. From a report: Nickolas Sharp, 37, worked as a senior developer for Ubiquiti between 2018 and 2021 and took advantage of his authorized access to Ubiquiti's network to steal gigabytes worth of files from the company during an orchestrated security breach in December 2020.

Prosecutors said that Sharp used the Surfshark VPN service to hide his home IP address and intentionally damaged Ubiquiti's computer systems during the attack in an attempt to conceal his unauthorized activity. Sharp later posed as an anonymous hacker who claimed to be behind the incident while working on an internal team that was investigating the security breach. While concealing his identity, Sharp attempted to extort Ubiquiti, sending a ransom note to the company demanding 50 Bitcoin (worth around $1.9 million at that time) in exchange for returning the stolen data and disclosing the security vulnerabilities used to acquire it. When Ubiquiti refused the ransom demands, Sharp leaked some of the stolen data to the public.
The FBI was prompted to investigate Sharp's home around March 24th, 2021, after it was discovered that a temporary internet outage had exposed Sharp's IP address during the security breach.

Further reading:
Ubiquiti Files Case Against Security Blogger Krebs Over 'False Accusations';
Former Ubiquiti Dev Charged For Trying To Extort His Employer.
This discussion has been archived. No new comments can be posted.

Former Ubiquiti Employee Pleads Guilty To Attempted Extortion Scheme

Comments Filter:
  • The guy was using a commercial VPN service?!? Like that is impervious to search warrant.. I'm not even going to list the thousands of freely-available ways this criminal could have routed their attack to be far less traceable. The evidence is here that other mistakes were doubtlessly going to foil this ill-conceived caper.
    • Except he wasn't caught due to the nature of the VPN service at all, and there's no evidence that the VPN service he was using was retaining records that would have led to him.

      The kind of service used here, or who provided it is not what got him caught. The lack of a VPN killswitch is.

  • Perp couldn't be that clever. thinking a VPN would hide his home IP.
  • Except he should have called the story "True IP Addresses"

"I am, therefore I am." -- Akira

Working...