A 37-year-old American has been sentenced to six years in prison for stealing data from Ubiquiti and for blackmailing the company. The man also contacted the media and pretended to be a whistleblower, making the seriousness of the hack appear greater than it was.
It verdict is lower than the maximum 35 years in prison he could have received. The American, Nickolas Sharp, worked at Ubiquiti as a senior developer from August 2018 and had access to the company’s AWS and GitHub services. In late 2020, he abused this access to steal several gigabytes of confidential information. In doing so, he modified log files and other files to disguise his activities and pretend that colleagues were behind the action.
In January 2021, he extorted the company for 50 bitcoin, about $1.9 million at the time, and claimed to have hacked the company. When Ubiquiti refused, he published some of the stolen data online. At the end of March 2021, the FBI was on Sharp’s trail and they conducted searches at his home. In doing so, they seized, among other things, a laptop that Sharp had used to steal company data.
A few days after the search, Sharp contacted various media outlets and posed as a whistleblower. He claimed that Ubiquiti had been hacked and that the attackers had administrative rights on the AWS servers. Sharp called the hack “catastrophic” and claimed that the company deliberately concealed the impact. Media coverage caused Ubiquiti’s stock market value to drop and the company lost $4 billion in market value.
Sharp pleaded guilty in February this year. After his prison sentence, he will remain under supervision for three years. In addition, he must pay a refund of almost $ 1.6 million. Sharp worked at Ubiquiti until April 2021 and was arrested in late 2021.