The January story of illegal access to the network of network equipment manufacturer Ubiquiti received an unexpected continuation. On December 1, the FBI and the New York City Attorney's Office announced the arrest of former Ubiquiti employee Nicholas Sharp. He is charged with illegal access to computer systems, extortion, fraud using telecommunications systems (wire fraud) and giving false evidence to the FBI.
According to a (now-deleted) Linkedin profile, Sharp served as the head of the Cloud Team at Ubiquity until April 2021, and before that he held senior engineering positions at companies such as Amazon and Nike. According to the prosecutor's office, Sharp is suspected of illegally using his official position and, accordingly, administrative access to Ubiquiti's computer systems, in December 2020, to clone about 150 repositories from a corporate account on Github to his home computer. To hide his IP address, Sharpe used the Surfshark VPN service. However, after an accidental disconnection from his ISP, Sharpe's home IP address "lit up" in the access logs.
In January 2021, while already a member of the "incident" investigation team, Sharpe sent an anonymous letter to Ubiquiti demanding a payment of 50 bitcoins (~$2m) in exchange for silence and disclosure of the alleged vulnerability through which access was gained. When Ubiquiti refused to pay, Sharp released some of the stolen data via Keybase. A few days after that, he formatted the laptop drive, through which he cloned data and corresponded with the company.
In March 2021, FBI agents searched Sharpe's home and seized several "electronic devices". During the search, Sharp denied ever using Surfshark's VPN, and when presented with documents showing that he purchased a 2020-month subscription there in July 27, he alleged that someone had hacked into his PayPal account.
A few days after the FBI search, Sharpe contacted Brian Krebs, a well-known information security journalist, and gave him an "insider" about the Ubiquiti incident, which was published on March 30, 2021 (and may have been one of the reasons for the subsequent fall Ubiquiti shares by 20%). More details can be found in the text of the accusation.
Source: opennet.ru