Cybercrime , Fraud Management & Cybercrime
Ubiquiti Insider Hacker Pleads GuiltyNickolas Sharp Faces 35 Years in Federal Prison for $1.9 Million Extortion Attempt
The man accused of being Ubiquity Networks Inc.'s insider threat hacker pleaded guilty Thursday to multiple federal crimes just weeks before his trial was set to start.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
Nickolas Sharp, 37, faces up to 35 years in federal prison after he admitted to downloading gigabytes of confidential company data, altering logs to cover up his tracks, and then sending an anonymous ransom note demanding 50 bitcoin - all the while working on the team charged with remediating the incident. His extortion demand at the time he sent it in January 2021 was worth $1.9 million.
Sharp's now-deleted LinkedIn page states he worked as a "cloud lead" for Ubiquiti Networks from August 2018 to March 2021. The company did not immediately respond to a request for comment.
After the FBI raided Sharp's Portland, Oregon, home in March 2021, he went public with a chunk of the files and planted false stories in the media exaggerating the scope of the breach, causing Ubiquiti's stock to plummet. Federal prosecutors say Ubiquiti's share price fell by 20% over the last two days of March, causing the company to lose more than $4 billion in market capitalization.
Under his plea agreement, Sharp pleaded guilty to intentionally damaging a protected computer, wire fraud, and making false statements to FBI. He denied to agents having purchased access to the Surfshark virtual private network, which he used to hide his real IP address while snooping on the company's Amazon Web Services account and GitHub code repository.
Although Sharp used his personal PayPal account in July 2020 to obtain a 27-month subscription, he told FBI agents someone else must have used his PayPal account to make the purchase.
The plea agreement stipulates that Sharp will not file an appeal. Sentencing is set for May.
Sharp's trial was set to begin Feb. 27, but prosecutors informed U.S. District Judge Katherine Polk Failla of the Southern District of New York in January that Sharp intended to plead guilty.
Sharp in mid-2022 obtained employment from collaboration software company Atlassian, setting off a brief court fight after prosecutors demanded Sharp be required to share with the Australian firm a copy of his four-count indictment. Failla in October said the matter was moot because "the Court understands from the parties that Mr. Sharp is no longer employed at Atlassian" (see: For Hire: Ex-Ubiquiti Developer Charged With Extortion).