A man from Oregon has been charged with stealing confidential data from his employer and secretly extorting the company for a $2m ransom while purporting to be working on remediating the theft.
Portland resident Nickolas Sharp allegedly stole gigabytes of data from Ubiquiti Inc., a technology company headquartered in New York, where Sharp was employed from August 2018 to around April 1, 2021.
According to an indictment unsealed on Wednesday in Manhattan Federal Court, Sharp’s senior developer role gave him access to credentials for the company’s Amazon Web Services (AWS) and GitHub servers.
Around this time last year, Sharp allegedly repeatedly disguised his IP address through virtual private network service (VPN) Surfshark, then abused his administrative access to exfiltrate his employer’s confidential data.
While he was anonymously inside his employer’s network, Sharp allegedly altered log retention policies and other files to hide his intrusion.
In January 2021, while working as part of a team tasked to remediate the theft of the data, Sharp allegedly posed as an anonymous hacker and sent his employer a digital ransom note. In the note, Sharp demanded 50 Bitcoin (worth around $1.9m at the time) to return the stolen data and identify a supposed “backdoor” in the company’s network.
After his employer refused to pay up, Sharp allegedly published some of the stolen files online in a public forum.
In March, when FBI agents searched Sharp’s residence and showed the defendant records of his Surfshark service purchase in July 2020, Sharp claimed it had been bought by someone else through his PayPal account.
Following the search, Sharp allegedly posed as an anonymous Ubiquiti whistleblower and caused false news stories to be published in which it was claimed that an unknown cybercriminal had maliciously acquired root administrator access to the company’s accounts to steal the confidential data prosecutors say was taken by Sharp.
Following the publication of these articles, between March 30, 2021, and March 31, 2021, Ubiquiti experienced a 20% drop in stock price.
Sharp was arrested on December 1. He is charged with wire fraud, transmitting a program to a protected computer that intentionally caused damage, the transmission of an interstate threat and making false statements to the FBI.
Sarah Coble News Writer | INFOSECURITY MAGAZINE