Early bird prices are coming to an end soon... ⏰ Grab your tickets before January 17

This article was published on December 2, 2021

The curious case of the Ubiquiti employee-whistleblower-hacker

Full stack cybercriminal: Employee, hacker, whistleblower, extortionist


The curious case of the Ubiquiti employee-whistleblower-hacker

I wish I was a crime podcast host right now — it’d be my favorite way to tell this tantalizing story about a tech worker hacking his own company, demanding a ransom, and later turning into a ‘whistleblower’ to cover his tracks.

According to a document published by a New York district court, Nikolas Sharp, a former employee of network device maker Ubiquiti, hacked the company’s system and demanded a $2 million ransom. This is just the tip of the iceberg of the story, so let’s unpack what happened.

Who is Nikolas Sharp?

Sharp was a cloud lead at Ubiquiti Networks from August 2018 to March 2021, according to his LinkedIn profile. Prior to this, he worked at companies like Amazon and Nike.

What was the big Ubiquiti security incident?

In January, the company, sent an email to its customers saying that a hacker had gained access to its systems hosted on third-party services —such as AWS — and some customer data including names, email IDs, addresses, and phone numbers may have been exposed. The company, which makes Wi-Fi mesh gears access points primarily for enterprise customers, said it wasn’t aware of any malicious activity on any user’s account.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

You can read the full email in the tweet below:

At the time of this disclosure, the company wasn’t aware of the hacker’s identity. The fun bit was that Sharp was a part of the team that was investigating the scope of the incident.

What did Sharp actually do?

As a cloud lead, Sharp had access to certain keys to get into the company’s AWS and GitHub repositories. On December 10 last year, he anonymously logged into the company’s AWS account, and a few days later, he accessed the company’s GitHub account.

Ubiquiti's Dream Machine access point
Ubiquiti’s Dream Machine access point

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with


Published
Back to top