Nickolas Sharp, a former senior developer at Ubiquiti, was sentenced to six years in prison for stealing company data, attempting to extort his employer, and aiding in the publication of misleading news articles that seriously affected the market capitalization of the company.

In January 2021, network device maker Ubiquiti announcement that he suffered a data breach at a third-party cloud provider in December 2020, telling all of his customers to reset their passwords and enable 2FA on their accounts.

While allegedly working as part of the incident response, the Justice Department said Sharp was impersonating the anonymous hacker, demanding that Ubiquity pay 50 Bitcoin ($1.9 million at the time). era) to find out the exploited vulnerability and to have the stolen data deleted.

After the company refused to pay, Sharp contacted the media, impersonating a whistleblower to spread false information about Ubiquity’s handling of the security incident.

“In these stories, Sharp identified himself as an anonymous whistleblower within Company-1 [Ubiquiti] who worked to resolve the incident and falsely claimed that company-1 was hacked by an unidentified perpetrator who maliciously obtained root administrator access to company-1’s AWS accounts,” reads THE US DoJ announcement.

“In fact, as Sharp was well aware, Sharp itself had taken Company-1’s data using the credentials it had access to, and Sharp had used that data in an unsuccessful attempt to extort Company-1. -1 for millions of dollars.”

The DOJ claims that the spread of false information caused Ubiquiti’s share price to plummet by approximately 20%, which equates to market capitalization losses of more than $4 billion.

The evidence led to Sharp

In December 2021, Sharp was arrested and charged with data theft and extortion after internal investigations showed he used his privileges to exfiltrate customer data from his employer’s systems.

While the dishonest developer had erased his tracks from logs in company systems and used Surfshark VPN to hide his IP address during the attack, a temporary internet outage disrupted the encrypted tunnel connection and briefly exposed his position.

In February 2023, after Sharp repeatedly tried to mislead FBI investigators, the former Ubiquiti employee pleaded guilty one count of transmitting a program to a protected computer that intentionally caused damage, one count of wire fraud, and one count of misrepresentation to the FBI.

Although the charges could carry a maximum sentence of 37 years in prison, the court for the Southern District of New York decided to sentence Sharp to 6 years in prison, three years of probation and ordered the payment of restitution of 1 $590,487.