Former Ubiquiti engineer sentenced to 6 years for stealing firm knowledge, tried extortion

Briefly: An engineer who labored for wi-fi networking merchandise supplier Ubiquiti has been sentenced to 6 years in jail for stealing gigabytes of confidential knowledge from the corporate and demanding $1.9 million for its return. Nickolas Sharp claimed his plan was an “unsanctioned safety drill” to enhance community security, however the decide did not settle for this excuse.

Bloomberg writes that 37-year-old Sharp pleaded responsible to costs of deliberately damaging a protected laptop, wire fraud, and making false statements to legislation enforcement. Prosecutors declare he extorted cash from Ubiquiti whereas purportedly working to repair the safety breach he’d created.

Sharp requested United States District Choose Katherine Polk Failla that he obtain no jail time because the cyberattack was really an “unsanctioned safety drill” that left Ubiquiti “a safer place for itself and for its purchasers.” Sharp additionally claimed that Ubiquiti CEO Robert Pera had prevented him from “resolving excellent safety points,” which led to the engineer growing an “idiotic hyperfixation” on fixing the “uncontrolled” and “not rational” safety flaws.

Failla didn’t settle for Sharp’s excuse. “It was lower than Mr. Sharp to play God on this circumstance,” the decide mentioned, including that he’d had loads of alternatives to “pull again from the precipice.”

Sharp used his administrative entry to Ubiquiti’s methods to steal the key info throughout his time on the firm between August 2018 and April 2021. He used his cloud administrator credentials to clone tons of of repositories over SSH and steal non-public recordsdata from Ubiquiti’s AWS infrastructure and GitHub repositories.

Prosecutors mentioned he was found copying roughly 155 knowledge repositories when an web outage briefly disabled his VPN, leading to his dwelling IP deal with being unmasked by Ubiquiti. Sharp admitted to mendacity to FBI brokers throughout a search of his dwelling in Match 2021.

US lawyer for the Southern District of New York, Damian Williams, mentioned Sharp, who earned $250,000 per 12 months, made “dozens, if not tons of, of legal selections” and even implicated harmless co-workers to divert suspicion away from himself. Sharp admitted that his actions have been deliberate for “monetary acquire.”

Ubiquiti spent over $1.5 million making an attempt to remediate Sharp’s “breathtaking” theft. Ars Technica writes that he price the corporate much more after posing as a whistleblower, planting false reviews within the media, and contacting US and international regulators to research Ubiquiti’s downplaying of the info breach. He additionally claimed that Ubiquiti lacked a logging mechanism that might have prohibited it from figuring out whether or not the “attacker” had accessed any methods or knowledge. Sharp’s actions precipitated Ubiquiti’s inventory to crash, wiping $4 billion off its market cap.

“Nickolas Sharp was paid near 1 / 4 million {dollars} a 12 months to assist maintain his employer secure,” Williams mentioned in a press launch. “He abused that belief by stealing an enormous quantity of delicate knowledge, making an attempt to implicate harmless staff in his assault, extorting his employer for ransom, obstructing legislation enforcement, and spreading false news tales that harmed the corporate and anybody who invested within the firm. Sharp now faces critical penalties for his callous crimes.”

Middle picture: Workplace snapshots