Former Ubiquiti dev pleads guilty in data theft and extortion case

A former Ubiquiti Networks employee accused of hatching an elaborate plot to first steal nearly $2 million from his employer, extort more, then later orchestrating a smear campaign against the company pleaded guilty to multiple felony charges Thursday.

Nickolas Sharp, 36, of Portland Oregon now faces a maximum of 35 years in prison after pleading to one count of transmitting a program to a protected computer that intentionally caused damage, one count of wire fraud, and one count of making false statements to the FBI.

“Nickolas Sharp’s company entrusted him with confidential information that he exploited and held for ransom. Adding insult to injury, when Sharp wasn’t given his ransom demands, he retaliated by causing false news stories to be published about the company which resulted in his company’s market capitalization plummeting by over $4 billion,” US Attorney Damian Williams said in a statement Thursday. “Sharp’s guilty plea today ensures that he will face the consequences of his destructive actions.”

The bizarre story behind the Sharp case is the stuff of CISO nightmares. As we previously reported at the time, Sharp was charged in connection with the high-profile Ubiquiti data theft and ransom attempt in late 2021.

Prosecutors accused Sharp — who was working as a cloud lead for the wireless and LAN switching vendor according to his LinkedIn profile — of using his position and administrative access to the company’s AWS cloud instances and GitHub repository to exfiltrate gigabytes of data to his home network.

While a team he was working on investigated the breach, prosecutors say Sharp sent a ransom note demanding 50 Bitcoin — worth about $1.9 million at the time — for the return of the data and to identify the backdoor used to acquire it. When Ubiquiti declined to capitulate to his demands, Sharp leaked some of the data to the public.

Sharp might have succeeded had it not been for his confidence that Surfshark VPN — purchased using his personal PayPal account — would shield his identity. According to prosecutors, while exfiltrating data from Ubiquiti’s GitHub repos, his home IP address was revealed following a brief internet outage.

In March 2021, FBI agents executed a search of Sharp’s home in connection with the hack and seized electronics devices. During the investigation Sharp denied any knowledge of involvement in the case and made “numerous” false statements to the FBI agents, including that he’d never used Surfshark VPN.

When pressed on the matter, Sharp claimed that “someone else must have used his PayPal account to make the purchase,” according to prosecutors. The old excuse, the other one did it.

But rather than lie low in the days following the FBI raid Sharp began reaching out to the press posing as a whistleblower and maligning his employer’s handling of the breach. His false narrative circulated widely, ultimately trimming billions from Ubiquiti’s market capitlisation.

The Manhattan federal court scheduled a sentencing hearing for May 10th. ®

READ MORE HERE