A single VPN drop-out exposed breach scandal that cost Ubiquiti $4bn
This is why using a VPN without a kill switch is a bad idea
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
A briefVPNoutage has led to the arrest of a former Ubiquiti developer, who has reportedly been charged with stealing data and trying to extort his employer while pretending to be a whistleblower.
Internet of Things (IoT)specialist Ubiquiti disclosed anetwork breach in January 2021, the scope of which wasquestioned by an anonymous whistleblowera couple of months later.
However, according toKrebsOnSecurity,it has now emerged that both incidents were the handiwork of the same individual, Nickolas Sharp, a senior developer at Ubiquiti, who has been charged for the crimes.
According to the indictment, after securing a job at another company, Sharp allegedly used his still functional privileged access to Ubiquiti’s systems atAmazon’sAWScloud service to download large amounts of proprietary data.
Going for the kill
To cover his tracks, Sharp had used aSurfSharkVPN connection to mask his real IP address. He then sent a ransom note to Ubiquiti using the same cover, demanding 25bitcoinin exchange for a promise not to share the data.
However, investigators were able to trace the downloads to Sharp because his flaky internet connection briefly failed multiple times, exposing his real IP address. And, he forgot to turn on the Kill Switch on his SurfShark VPN. By default, this is off.
“You might think your VPN connection is really, really stable, but it only takes a single drop - maybe as you switch from one Wi-Fi network to another - to give away your identity,” suggests Mike Williams,TechRadar’s security expert. He added that Sharp would have gotten away with it, had he enabled the kill switch for the VPN connection, which would have terminated the downloads as soon as the connection was interrupted.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Furthermore, according toThe Record,investigators were also able to link the attacker’s VPN connection to a SurfShark account purchased with Sharp’s PayPal account.
Sharp refutes the charges, and continues to maintain that he doesn’t own the SurfShark account, and that someone else must have used hisPaypalaccount to purchase it.
After being confronted with the charges, investigators claim that Sharp didn’t help his cause by posing as an anonymous whistleblower to question the severity of the “breach” by raising false flags, which led to Ubiquiti’s stock price plummeting about 20%, wiping out over $4 billion in market capitalization.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
Should your VPN always be on?
3 reasons why PIA fell in our best VPN rankings
Red One isn’t perfect but it proves we need more action-packed Christmas movies
