A former software engineer at Ubikit Networks, sentenced to six years in prison After stealing gigabytes of data from the company, trying to extort millions of dollars, and damaging the company’s reputation in the media.
Back in January 2021, networking maker Ubiquiti forced users to change their passwords and I instructed them to enable two-factor authentication (2FA).
Ironically, one Ubiquiti staff member assigned to investigate the hack was Nicholas Sharp, a Portland, Oregon-based developer who works for the company’s cloud division.
why ironic? Because Sharp was responsible for the hack. He used the employee’s privileged access to steal data and delete logs that could have identified his involvement.
Additionally, Sharp anonymously demanded a ransom of approximately US$2 million to safely return the data, as well as details of the vulnerabilities it claimed to have exploited to access the data.
However, Ubiquity refused to pay the ransom, so Sharp published some of the stolen files online and contacted cybersecurity journalists posing as whistleblowers within Ubiquity.
Media reports on Ubiquiti’s security issues were alleged to have caused Ubiquiti’s share price to fall by 20%, causing a loss of more than US$4 billion in market capitalization.
Sharp’s takedown was that despite using a VPN to hide his home IP address while stealing Ubiquiti’s data, the service was briefly out of service and his real IP address was recorded.
In February, Sharp pleaded guilty to wire fraud charges of lying to FBI agents and sending programs that intentionally harmed protected computers.
This week, Sharp was sentenced to six years in prison, plus three years of supervised release, and ordered to pay $1,590,487 in damages.
This amazing story highlights an under-considered truth within the enterprise. Yes, you should worry about threats from outside hackers. But also consider the insider threat posed by insiders and rogue employees โ people you have entrusted to act responsibly in handling company and customer data.