Tom here from Lawrence Systems. In January of 2021, Ubiquiti reported a breach, which I did a video on where I said it's an explanation but not a justification, and I see it like that because I wanted to explain what happened and the fact that companies are often silent when there's an ongoing investigation. Later there was a Krebs article that said Ubiquiti's handling of the breach was catastrophic and poor and the breach was much bigger and worse than anyone had said, because of an anonymous tip from a whistleblower that allegedly worked at Ubiquiti. And on December 1st we got a little more insight into what's going on, because on December 1st they arrested Nick Sharpe: former employee of technology company charged with stealing confidential data and extorting company for ransom while posing as an anonymous attacker.

Now, the thing is, we have this labeled as Company One, but why do I think this is Ubiquiti? Well, Nick Sharpe, if you checked his LinkedIn profile, says he works for Ubiquiti and worked for Ubiquiti during the time that this occurred, and it all lines up with everything in the indictment here. And he was trying to extort them for $2 million to return the files and identification of a remaining, purported vulnerability. This is really interesting because what he claimed was there was a hack that allowed this attacker to steal the data, and part of the ransom that would be paid is also disclosing how the attack happened, which is actually really easy for Nick. He could just say "I did it," but I don't think that was his plan. I'm not really sure Nick had a plan or was very clear on how all this was going to go down.
Now, Nick's position afforded him a very high level of privilege at Ubiquiti, therefore he had the full access to do this. What made matters worse is when the breach occurred and the anonymous email came in with this demand, Nick was assigned to do the investigation because, well, that was something he was in charge of: cloud credentials, cloud development, and this creates kind of a big problem. We didn't know Nick was the one doing it, so they assigned Nick to the task. You can't easily protect against insider threats, but you can create good audit logs, which of course Nick subsequently tried to delete. Nick Sharpe exploited his access as a trusted insider to steal gigabytes of confidential data from his employer, then, posing as an anonymous attacker, sent the company a nearly $2 million ransom demand.

Now, what actually caused him to fail, and how all of this occurred, and here's where it aligns: he was employed by Company One from about August of 2018 up to April 1st of 2020. Sharpe was a senior developer who had access to credentials for Amazon Web Services and GitHub servers. In July of 2020 Nick purchased Surfshark VPN to mask his public IP, but at one point while he was exfiltrating data, apparently he had an internet failure and the VPN didn't come back up, so his home IP address became unmasked following a temporary in-and-out internet outage at Sharpe's home. This is part of the identifying piece of information that they needed, so they knew he was using the same Surfshark VPN with that same Surfshark VPN IP and connecting to those GitHub and AWS accounts with these credentials. Then when that VPN dropped, he logged in with his home IP address. Now you have some correlation data that the FBI was using in order to get a search warrant and then raid Nick's home. This is where things get a little bit crazy, because it was after they refused the demand that he published part of the data he had stolen.
Then on March 24th, 2021, FBI agents executed a warrant on Sharpe's residence in Portland, Oregon and seized certain electronic devices belonging to Sharpe. During the execution of that, Sharpe made numerous false statements to the FBI agents, including, among other things, in substance, that he was not the perpetrator of the incident and that he had not used Surfshark VPN prior. He forgot that he bought it on his PayPal, and they confronted him, and of course it was his PayPal account, and he said someone else must have used my PayPal account to do this purchase.

This is where he dug himself a deeper hole. Several days after the FBI executed the search warrant at Sharpe's residence, Sharpe caused false news stories to be published about the incident and Company One's response to the incident and related disclosures. In those stories Sharpe identified himself as an anonymous whistleblower with Company One who had worked on remediating the incident, which actually was a truthful part. He was also the one causing the incident, so in some ways he wasn't lying when they said it was being bungled, because as it turns out Nick was the one doing the bungling, both internally and being the threat actor, also being in charge of the investigation. So yeah, this is just kind of a big mess.

Now Nick is facing a lot of jail time over this. This is a terrible idea, to do insider threat, to steal information, to do any of these things. It's just like embezzlement or any other type of crime against your employer. I don't really get it. I think it's just a horrible idea. If you hate your employer, leave. If you are just after some money, I don't know, that seems like a lot of money, I guess, a few million dollars, but is it really worth it because of the jail time he's facing? I don't know. That's ultimately something he's going to have a lot of time to think about, because I don't really see a way out of this. Now, whether he pleads guilty, not guilty, whether there's a trial will be kind of interesting. If he pleads guilty, does a plea deal, we will
probably not have any more information than we have right now. If there's a trial, there will be a lot of transcripts, and we may gain some insight into the wherewithal and what he was thinking when he did all of this, and, you know, that could be kind of interesting to read. This is actually some of the source material over at Darknet Diaries, is that they'll go through the record transcripts to put their amazing stories together, because they do offer a little bit more insight or compelling reasons and some of the details of what went on that's more than just the charges that you see brought against someone.

In the end, though, insider threat is really, really difficult to protect against. You can compartmentalize things as much as possible, you can follow all principles of least privilege, but ultimately someone has to put those compartments and those principles of least privilege together, and if that is a higher-end employee in terms of their position and the access they need to do their job, they do pose a threat. Now, the next best thing you can do is have really detailed audit logs of what people did and when, to keep an eye on how things are going. Now, this does not stop someone from stealing data; it just lets you know and gives you a trail to who took the data and how that data was exfiltrated, if it was. So there's a lot of controls that can be put around that, but it's still a really challenging problem. The good news is it doesn't happen very often, so it's not something that you should absolutely be worried about, but the worry is never absolutely zero. It is something that you should always be putting as much mitigation in place for, but ultimately, yes, even as a business owner myself, I do have to put faith and trust in some people. It's the only way you'll grow your business and move forward.

Now I'll leave links down below to the Krebs article and the follow-up Krebs article and the BleepingComputer article and the indictment itself, of course, so you can dive in and read it. I haven't really seen
anything else relevant. Lots of speculative things of this or that and the other posted in different forums, nothing really material or interesting, or any more than just people wanting to rah-rah, saying he was not a nice person. But I think anyone who tries to steal from their employer and do this is really not a nice person, so I think Nick's a dick, and I think I've seen that on Reddit, and I'll at least agree with that statement right there.