The Ubiquiti hack that made headlines in early 2021 apparently was an inside job that involved a former Ubiquiti employee, prosecutors allege.
Moreover, an indictment described how the Ubiquiti veteran allegedly manipulated the cybersecurity media industry to harm the networking company. Unsuspecting victims of the media manipulation apparently included KrebsOnSecurity.
The Timeline: Nickolas Sharp Allegedly Attempts to Blackmail Ubiquiti
The details: Nickolas Sharp was arrested December 1, 2021, on charges of stealing confidential data from Ubiquiti and using it to demand nearly $2 million in ransom, Reuters reported.
According to a timeline from the indictment, Reuters said:
- December 2020: Sharp downloaded confidential data from Ubiquiti, using a virtual private network to mask his location.
- January 2021: Sharp sent a ransom note to Ubiquiti posing as an anonymous hacker and demanding 50 Bitcoin, then worth about $1.9 million, in exchange for returning the stolen data and revealing a purported security vulnerability in the company's systems.
- When the company refused, Sharp published some of the stolen information.
- March 2021: Sharp, posing as an anonymous whistleblower, falsely told media outlets that the data had been stolen by an unidentified hacker.
- Following the publication of several news stories about the breach, Ubiquiti's stock fell about 20% -- essentially erasing $4 billion from capitalization.
Ubiquiti Market Share: Clues From MSP Software Company
The story represents a cautionary tale for MSPs and MSSPs, and the end-customers they serve. Indeed, Ubiquiti's networking gear is very popular in the MSP market and their end-customers. Of the most commonly deployed access point vendors, Ubiquiti has roughly 21 percent market share, according to a recent Network Vendor Diversity Report from Auvik Networks, which develops network monitoring software for MSPs and IT departments.