Former Ubiquiti Developer Nick Sharp Charged With Extortion and Causing 2020 “Breach”

Captions
Tommy here from Lawrence Systems. In January of 2021 Ubiquiti reported a breach, which I did a video on, where I said it's an explanation but not a justification. I see it like that because I wanted to explain what happened and the fact that companies are often silent when there's an ongoing investigation. Later there was a Krebs article that said Ubiquiti's handling of the breach was catastrophic and poor, and the breach was much bigger and worse than anyone had said, because of an anonymous tip from a whistleblower that allegedly worked at Ubiquiti. And on December 1st we got a little more insight into what's going on, because on December 1st they arrested Nick Sharp: "Former employee of technology company charged with stealing confidential data and extorting company for ransom while posing as an anonymous attacker."

Now the thing is, we have this labeled as Company 1, but why do I think this is Ubiquiti? Well, Nick Sharp, if you checked his LinkedIn profile, says he works for Ubiquiti, and works for Ubiquiti during the time that this occurred, and it all lines up with everything in the indictment here. And he was trying to extort them for two million dollars to return the files and identification of a remaining purported vulnerability. This is really interesting because what he claimed was there was an attack that allowed this attacker to steal the data, and part of the ransom that would be paid is also disclosing how the attack happened, which is actually really easy for Nick: he could just say "I did it." But I don't think that was his plan. I'm not really sure Nick had a plan or was very clear on how all this was going to go down.

Now Nick's position afforded him a very high level of privilege at Ubiquiti, therefore he had the full access to do this. And what made matters worse is when the breach occurred and the anonymous email came in with this demand, Nick was assigned to do the investigation, because, well, that was something he was in charge of: his cloud credentials, cloud development. And this creates kind of a big problem. We didn't know Nick was the one doing it, so they assigned Nick to the task. But you can't easily protect against insider threats, but you can create good audit logs, which of course Nick subsequently tried to delete. "Nick Sharp exploited his access as a trusted insider to steal gigabytes of confidential data from his employer, then, posing as an anonymous attacker, sent the company a nearly two million dollar ransom demand."

Now, what actually caused him to fail, and how all of this occurred, and here's where it aligns: he was employed by Company 1 from about August of 2018 up to April 1st of 2020. Sharp was a senior developer who had access to credentials for Amazon Web Services and GitHub servers. In July of 2020 Nick purchased Surfshark VPN to mask his public IP, but at one point while he was exfiltrating data apparently he had an internet failure and the VPN didn't come back up, so his home IP address became unmasked following a temporary in-and-out internet outage at Sharp's home. This is part of the identifying piece of information that they needed. So they knew he was using the same Surfshark VPN, with that same Surfshark VPN IP, and connecting to those GitHub and AWS accounts with these credentials. Then when that VPN dropped he logged in with his home IP address. Now you have some correlation data that the FBI was using in order to get a search warrant and then raid Nick's home.

This is where things get a little bit crazy, because it was after they refused the demand he published part of the data he had stolen. Then on March 24, 2021, FBI agents executed a warrant on Sharp's residence in Portland, Oregon and seized certain electronic devices belonging to Sharp. During the execution of that, Sharp made numerous false statements to the FBI agents, including, among other things and in substance, that he was not the perpetrator of the incident and that he had not used Surfshark VPN prior. Apparently he forgot that he bought it on his PayPal, and they confronted him, and of course it was his PayPal account, and he said someone else must have used my PayPal account to do this purchase.

This is where he dug himself a deeper hole. Several days after the FBI executed the search warrant at Sharp's residence, Sharp caused false news stories to be published about the incident and Company 1's response to the incident and related disclosures. In those stories Sharp identified himself as an anonymous whistleblower within Company 1 who had worked on remediating the incident, which actually was a truthful part. He was also the one causing the incident. So in some ways he wasn't lying when they said it was being bungled, because as it turns out Nick was the one doing the bungling, both internally and being the threat actor, also being in charge of the investigation. So yeah, this is just kind of a big mess.

Now Nick is facing a lot of jail time over this. This is a terrible idea, to do insider threat, to steal information, to do any of these things. It's just like embezzlement or any other type of crime against your employer. I don't really get it. I think it's just a horrible idea. If you hate your employer, leave. If you are just after some money, I don't know, that seems like a lot of money, I guess, a few million dollars, but is it really worth it because of the jail time he's facing? I don't know. That's ultimately something he's going to have a lot of time to think about, because I don't really see a way out of this.

Now whether he pleads guilty or not guilty, whether there's a trial, will be kind of interesting. If he pleads guilty, does a plea deal, we'll probably not have any more information than we have right now. If there's a trial there will be a lot of transcripts, and we may gain some insight into the wherewithal and what he was thinking when he did all of this, and you know, could be kind of interesting to read. This is actually some of the source material over at Darknet Diaries: they will go through and record transcripts to put their amazing stories together, because they do offer a little bit more insider compelling reasons and some of the details of what went on that's more than just the charges that you see brought against someone.

In the end, though, insider threat is really, really difficult to protect against. You can compartmentalize things as much as possible, you can follow all principles of least privilege, but ultimately someone has to put those compartments and those principles of least privilege together, and if that is a higher-end employee in terms of their position and the access they need to do their job, they do pose a threat. Now the next best thing you can do is have really detailed audit logs of what people did and when, to keep an eye on how things are going. Now this does not stop someone from stealing data; it just lets you know and gives you a trail to who took the data and how that data was exfiltrated, if it was. So there's a lot of controls that can be put around that, but it's still a really challenging problem. The good news is it doesn't happen very often, so it's not something that you should absolutely be worried about, but the worry is never absolutely zero. It is something that you should always be putting as much mitigation in place, but ultimately, yes, even as a business owner myself, I do have to put faith and trust in some people. It's the only way you'll grow your business and move forward.

Now I'll leave links down below to the Krebs article and the follow-up Krebs article and the Bleeping Computer article and the indictment itself, of course, so you can dive in and read. I haven't really seen anything else relevant. Lots of speculative things of this or that and the other posted in different Reddit forums, nothing really of material or interesting or any more than just people wanting to rah-rah, saying he was not a nice person. But I think anyone who tries to steal from their employer and do this is really not a nice person, so I think Nick's a dick, and I think I've seen that on Reddit, and I'll at least agree with that statement right there.

All right, and thanks, and thank you for making it all the way to the end of this video. If you've enjoyed the content please give us a thumbs up. If you would like to see more content from this channel, hit the subscribe button and the bell icon. If you'd like to hire us for a project, head over to lawrencesystems.com and click the Hire Us button right at the top. To help this channel out in other ways, there's a join button here for YouTube and a Patreon page where your support is greatly appreciated. For deals, discounts and offers, check out our affiliate links in the description of all of our videos, including a link to our shirt store where we have a wide variety of shirts that we sell, and designs come out, well, randomly, so check back frequently. And finally, our forums: forums.lawrencesystems.com is where you can have a more in-depth discussion about this video and other tech topics covered on this channel. Thanks again for watching and look forward to hearing from you.
Info
Channel: Lawrence Systems
Views: 33,378
Keywords: LawrenceSystems, ubiquiti developer charged with extortion, ubiquiti extortion, ubiquiti breach update, ubiquiti breach update krebs, ubiquiti breach, Nick Sharp, Nick Sharp Social Media, insider threat, insider threat cybersecurity, insider threat awareness
Id: S68FSa_gWMA
Length: 8min 12sec (492 seconds)
Published: Thu Dec 02 2021