A single VPN drop-out exposed breach scandal that cost Ubiquiti $4bn

This is why using a VPN without a kill switch is a bad idea

A brief VPN outage has led to the arrest of a former Ubiquiti developer, who has reportedly been charged with stealing data and trying to extort his employer while pretending to be a whistleblower.

Internet of Things (IoT) specialist Ubiquiti disclosed a network breach in January 2021, the scope of which was questioned by an anonymous whistleblower a couple of months later. 

However, according to KrebsOnSecurity, it has now emerged that both incidents were the handiwork of the same individual, Nickolas Sharp, a senior developer at Ubiquiti, who has been charged with the crimes.

According to the indictment, after securing a job at another company, Sharp allegedly used his still-functional privileged access to Ubiquiti’s systems at Amazon’s AWS cloud service to download large amounts of proprietary data.

Going for the kill

To cover his tracks, Sharp had used a SurfShark VPN connection to mask his real IP address. He then sent a ransom note to Ubiquiti using the same cover, demanding 25 bitcoin in exchange for a promise not to share the data. 

However, investigators were able to trace the downloads to Sharp because his flaky internet connection briefly failed multiple times, exposing his real IP address. 

“You might think your VPN connection is really, really stable, but it only takes a single drop – maybe as you switch from one Wi-Fi network to another – to give away your identity,” suggests Mike Williams, TechRadar’s security expert. He added that Sharp would have gotten away with it, had he enabled the kill switch for the VPN connection, which would have terminated the downloads as soon as the connection was interrupted.

Furthermore, according to The Record, investigators were also able to link the attacker’s VPN connection to a SurfShark account purchased with Sharp’s PayPal account. 

Sharp denies the charges, and continues to maintain that he doesn’t own the SurfShark account, and that someone else must have used his PayPal account to purchase it.

Investigators claim that, after being confronted with the charges, Sharp didn’t help his cause by posing as an anonymous whistleblower to question the severity of the “breach” by raising false flags, which led to Ubiquiti’s stock price plummeting about 20%, wiping out over $4 billion in market capitalization.