I wish I was a crime podcast host right now — it’d be my favorite way to tell this tantalizing story about a tech worker hacking his own company, demanding a ransom, and later turning into a ‘whistleblower’ to cover his tracks.
According to a document published by a New York district court, Nikolas Sharp, a former employee of network device maker Ubiquiti, hacked the company’s system and demanded a $2 million ransom. This is just the tip of the iceberg of the story, so let’s unpack what happened.
Who is Nikolas Sharp?
Sharp was a cloud lead at Ubiquiti Networks from August 2018 to March 2021, according to his LinkedIn profile. Prior to this, he worked at companies like Amazon and Nike.
What was the big Ubiquiti security incident?
In January, the company, sent an email to its customers saying that a hacker had gained access to its systems hosted on third-party services —such as AWS — and some customer data including names, email IDs, addresses, and phone numbers may have been exposed. The company, which makes Wi-Fi mesh gears access points primarily for enterprise customers, said it wasn’t aware of any malicious activity on any user’s account.
You can read the full email in the tweet below:
Ubiquiti was breached. Notification emails went out to customers just now. Change your password on your Ubiquiti account pic.twitter.com/pm1ebVbPfS
— Milton Security (@MiltonSecurity) January 11, 2021
At the time of this disclosure, the company wasn’t aware of the hacker’s identity. The fun bit was that Sharp was a part of the team that was investigating the scope of the incident.
What did Sharp actually do?
As a cloud lead, Sharp had access to certain keys to get into the company’s AWS and GitHub repositories. On December 10 last year, he anonymously logged into the company’s AWS account, and a few days later, he accessed the company’s GitHub account.