The judge said the hacker was trying to play God.
Nicholas Sharp, a former Ubiquiti engineer, was sentenced to six years in prison for stealing hundreds of gigabytes of confidential information, demanding a ransom of $1.9 million from his former employer, and subsequently making the data public. Sharp, convicted by a court in New York, pleaded guilty.
Sharp tried to justify his actions by claiming that the cyberattack was an "unapproved security drill" that he said made Ubiquiti "more secure". He also accused Ubiquiti's CEO, Robert Peru, of obstructing security issues, leading to his "idiotic over-fixation" on fixing those issues. However, the court did not accept his explanation, and Judge Katherine Polk Failla stated: "Mr. Sharp should not have played God in the circumstances."
In January 2021, Ubiquiti informed its users of unauthorized access to its IT systems hosted by a cloud service provider. In March, a whistleblower described the incident as "catastrophic", arguing that the company could not assess the full extent of the attack because it did not keep proper logs and the attacker gained access to Amazon Ubiquiti's web services, which could give him root. -access to all Ubiquiti AWS accounts.
Sharpe posed as an informant for a long time, accusing Ubiquiti of downplaying the severity of the data breach. However, he still worked for the company. Ubiquiti argued that the attackers did not have access to customer data, which, apparently, does not contradict the information provided by the investigation.
The U.S. Department of Justice alleges that Sharpe uploaded data from Ubiquiti's Amazon Web Services and Github accounts after he applied for a job with another company in December 2020. His activities were discovered by another employee a few days after Sharp uploaded "gigabytes" of sensitive data and applied AWS policies to restrict logging.
Sharpe was identified due to a technical glitch. He used VPN service SurfShark to hide his identity while collecting data and sending emails, but "on one occasion" his real IP address was revealed and logged while connecting to the company's GitHub. According to the DOJ, this happened when Sharpe's home internet went down temporarily and then reconnected.
A former Ubiquiti employee pleaded guilty to accessing large amounts of sensitive company data and then demanded a ransom from Ubiquiti. He also spoke to the media as an anonymous whistleblower, arguing that the police did not properly investigate, and the data breach at the company was much larger than the investigation revealed.