An indictment from the Department of Justice suggests that the Ubiquiti hack reported in January, and subsequent whistleblower claims of a cover-up, were the work of someone who was then an employee of the company. The DOJ alleges that Nickolas Sharp, 36, was arrested on Wednesday on accusations that he used his employee credentials to download confidential data and sent anonymous demands to the company he worked for pretending to be a hacker in an attempt to get a ransom of 50 Bitcoin. You can read the full indictment below.
The indictment doesn’t specifically name Ubiquiti, only referring to a “Company-1.” However, all the details line up. In January, Ubiquiti sent an email to users saying an unauthorized party had accessed its “information technology systems hosted by a third party cloud provider.” In March, someone claiming to be a whistleblower represented the incident as “catastrophic,” alleging that the company couldn’t tell the full extent of the attack because it wasn’t keeping logs and that the attacker had access to Ubiquiti’s Amazon Web Services (AWS) servers.