1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • A single VPN drop-out exposed breach scandal that cost Ubiquiti $

    From TechnologyDaily@1337:1/100 to All on Fri Dec 3 14:30:04 2021
    A single VPN drop-out exposed breach scandal that cost Ubiquiti $4bn

    Date:
    Fri, 03 Dec 2021 14:10:35 +0000

    Description:
    A flaky internet connection has helped investigators link a former Ubiquiti employee to the data breach earlier this year.

    FULL STORY ======================================================================

    A brief VPN outage has led to the arrest of a former Ubiquiti developer, who has reportedly been charged with stealing data and trying to extort his employer while pretending to be a whistleblower.

    Internet of Things (IoT) specialist Ubiquiti disclosed a network breach in January 2021 , the scope of which was questioned by an anonymous
    whistleblower a couple of months later.

    However, according to KrebsOnSecurity , it has now emerged that both
    incidents were the handiwork of the same individual, Nickolas Sharp, a senior developer at Ubiquiti, who has been charged for the crimes. TechRadar needs you!

    We're looking at how our readers use VPNs with streaming sites like Netflix
    so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

    Click here to start the survey in a new window <<

    According to the indictment, after securing a job at another company, Sharp allegedly used his still functional privileged access to Ubiquitis systems at Amazons AWS cloud service to download large amounts of proprietary data.
    Going for the kill

    To cover his tracks, Sharp had used a SurfShark VPN connection to mask his real IP address. He then sent a ransom note to Ubiquiti using the same cover, demanding 25 bitcoin in exchange for a promise not to share the data.

    However, investigators were able to trace the downloads to Sharp because his flaky internet connection briefly failed multiple times, exposing his real IP address.

    You might think your VPN connection is really, really stable, but it only takes a single drop - maybe as you switch from one Wi-Fi network to another - to give away your identity, suggests Mike Williams, TechRadar 's security expert. He added that Sharp would have gotten away with it, had he enabled
    the kill switch for the VPN connection, which would have terminated the downloads as soon as the connection was interrupted.

    Furthermore, according to The Record , investigators were also able to link the attackers VPN connection to a SurfShark account purchased with Sharps PayPal account.

    Sharp refutes the charges, and continues to maintain that he doesnt own the SurfShark account, and that someone else must have used his Paypal account to purchase it.

    After being confronted with the charges, investigators claim that Sharp
    didn't help his cause by posing as an anonymous whistleblower to question the severity of the "breach" by raising false flags, which led to Ubiquiti's
    stock price plummeting about 20%, wiping out over $4 billion in market capitalization. If you are concerned about online privacy, use one of the
    best business VPN services



    ======================================================================
    Link to news story: https://www.techradar.com/news/a-single-vpn-dropout-exposed-breach-scandal-tha t-cost-ubiquiti-dollar4bn/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)