

“Justice Served: Ubiquiti’s Ex-Developer Sentenced to Six Years in Prison for Extortion”

Former developer of Ubiquiti Networks, John William Kirby Kelley, has been sentenced to six years in prison for stealing company data worth over $1 million and then extorting the firm for $2 million. Kelley planned to release the data publicly but was caught by the FBI. He has been ordered to pay $2.4 million in restitution.



Ex-Developer Sentenced to Prison

Former Ubiquiti Senior Developer Sentenced to Six Years in Prison for Data Theft, Extortion, and Misleading Publications

A former senior developer of Ubiquiti, Nickolas Sharp, has been sentenced to six years in prison for stealing company data, attempting to extort his employer, and aiding the publication of misleading news articles that severely impacted the firm’s market capitalization.

In January 2021, network device manufacturer Ubiquiti announced that it had suffered a data breach at a third-party cloud provider in December 2020, informing all its customers that they needed to reset their passwords and enable 2FA on their accounts.

While allegedly working as part of the incident response, Sharp posed as the anonymous hacker, demanding that Ubiquiti pay 50 Bitcoin ($1.9 million at the time) to learn of the exploited vulnerability and for the stolen data to be deleted, according to the Department of Justice.

After the company refused to pay, Sharp contacted the media, posing as a whistleblower to spread misinformation about how Ubiquiti handled the security incident.

According to the U.S. DoJ announcement, “In those stories, Sharp identified himself as an anonymous whistleblower within Company-1 [Ubiquiti] who had worked on remediating the incident and falsely claimed that Company-1 had been hacked by an unidentified perpetrator who maliciously acquired root administrator access to Company-1’s AWS accounts. In fact, as Sharp well knew, Sharp himself had taken Company-1’s data using credentials to which he had access, and Sharp had used that data in a failed attempt to extort Company-1 for millions of dollars.”

The spread of false information resulted in Ubiquiti’s stock price dropping by about 20%, corresponding to market capitalization losses of over $4 billion.

What Actions Should MSI Take After Being Hacked by a Ransomware Group?

After being hacked by the ransomware group, MSI must take immediate action to mitigate the damage. First, it should isolate affected systems from the network to prevent the Money Message ransomware from spreading further. Second, it should conduct a thorough investigation to identify the entry point and the vulnerabilities that led to the breach. Last, MSI should strengthen its cybersecurity measures, including employee training and regular system updates, to prevent future attacks.

How Did Kodi’s Data Breach Affect Users and What Should They Do Now?

The recent Kodi data breach and forum database sale have left users concerned about their security and privacy. Users who had accounts on the affected forums should immediately change their passwords to prevent further unauthorized access. In addition, it is recommended to enable two-factor authentication wherever possible and be cautious of any suspicious activity. Vigilance and proactive measures are necessary to safeguard personal information in the aftermath of such breaches.

Evidence Led to Sharp

In December 2021, Sharp was arrested and charged with data theft and extortion after internal investigations showed that he used his privileges to exfiltrate customer data from his employer’s systems.

Although the rogue developer had cleared his traces from the logs in the company’s systems and used Surfshark VPN to hide his IP during the attack, a temporary internet outage disrupted the encrypted tunnel connection and briefly exposed his location.

In February 2023, after Sharp repeatedly tried to mislead FBI investigators, the former Ubiquiti employee pleaded guilty to one count of transmitting a program to a protected computer that intentionally caused damage, one count of wire fraud, and one count of making false statements to the FBI.

The Southern District Court of New York then sentenced Sharp to six years in prison and three years of supervised release, and ordered him to pay restitution of $1,590,487.



Massive Ohio Lottery Ransomware Attack: Shocking Impact on Over 538,000 Individuals

The Ohio Lottery experienced a ransomware attack, compromising the personal information of over 538,000 individuals. The cybercriminals behind the attack demanded a ransom of 50 bitcoin, which the Lottery refused to pay. The affected data includes names, addresses, social security numbers, and birth dates of past winners and employees.



Imagine waking up on Christmas Eve to find out that your personal information has been compromised in a cyberattack. That’s precisely what happened to over 538,000 individuals when the Ohio Lottery experienced a data breach on December 24, 2023.

In a filing with the Office of Maine’s Attorney General, it was revealed that the attackers gained access to names, Social Security numbers, and other personal identifiers. Thankfully, the Ohio Lottery said that the gaming network was not affected by the incident.

Even though no evidence of fraud using the stolen information was found, the Ohio Lottery provided free credit monitoring and identity theft protection services to all potentially impacted individuals, just to be on the safe side.

DragonForce Ransomware Gang Claims Responsibility

While the Ohio Lottery didn’t disclose the nature of the incident, the DragonForce ransomware gang claimed responsibility for the attack a few days later. The group stated that they encrypted devices and stole documents belonging to both customers and employees of the Ohio Lottery.

On December 27, the ransomware group mentioned on their dark web leak site that they had stolen over 3 million records. After negotiations failed, the gang leaked four .bak archives and multiple CSV files on January 22, allegedly taken from the Ohio Lottery’s systems.

According to DragonForce, the 94 GB of leaked data contains 1.5 million records with Ohio Lottery clients’ names, Social Security numbers, and dates of birth.

DragonForce ransomware seems to be a relatively new operation, having exposed its first victim in December 2023. However, their tactics, negotiation style, and data leak site suggest that they are an experienced extortion group. With nearly four dozen victims listed on their leak site and law enforcement disrupting many ransomware operations recently, it’s possible that this group is a rebrand of a previously known gang.

DragonForce ransomware also claimed responsibility for a cyberattack that impacted Japanese probiotic beverage manufacturer Yakult’s IT systems in Australia and New Zealand in mid-December. Yakult disclosed the attack after the ransomware gang leaked what it claimed to be 95 GB of data stolen from the company’s compromised servers.

Don’t Let This Happen to You

Cyberattacks are becoming more and more sophisticated, and the stakes are higher than ever. With personal information at risk, it’s crucial to stay informed and take proactive steps to protect yourself and your data.

We’re here to help. Our IT Services can assist you in staying up-to-date with the latest cybersecurity threats, providing guidance on how to safeguard your information and helping you navigate the ever-changing digital landscape.

Contact us today to learn more about how we can help you stay secure in this increasingly interconnected world. And don’t forget to keep coming back for the latest cybersecurity news and updates.



Dell Sounds Alarm on Massive Data Breach: 49 Million Customers Potentially Impacted

Dell has warned 49 million customers of a potential data breach as unauthorized individuals attempted to extract customer data from its network. The company has reset all affected users’ passwords and is urging them to stay vigilant for any suspicious activity.



Did you know that Dell recently experienced a data breach? A threat actor claimed to have stolen information for approximately 49 million customers. As a result, Dell started sending out data breach notifications to customers, informing them that a Dell portal containing customer information related to purchases was breached.

Now, you might be wondering, what kind of information was accessed during this breach? Well, according to Dell, the following information was compromised:

  • Name
  • Physical address
  • Dell hardware and order information, including service tag, item description, date of order, and related warranty information

Fortunately, the stolen information does not include financial or payment information, email addresses, or telephone numbers. Dell is currently working with law enforcement and a third-party forensics firm to investigate the incident.

How did this happen?

As reported by Daily Dark Web, a threat actor named Menelik tried to sell a Dell database on the Breach Forums hacking forum on April 28th. The threat actor claimed to have stolen data from Dell for “49 million customers and other information systems purchased from Dell between 2017-2024.” While we haven’t been able to confirm if this is the same data that Dell disclosed, it matches the information listed in the data breach notification.

The post on Breach Forums has since been deleted, which could indicate that another threat actor purchased the database.

What does this mean for Dell customers?

Although Dell doesn’t believe there is significant risk to its customers given the type of information involved, the stolen information could potentially be used in targeted attacks against Dell customers. Without email addresses, threat actors might resort to targeting specific people with physical mailings containing phishing links or media (DVDs/thumb drives) to install malware on targets’ devices.

Think this sounds far-fetched? Well, similar attacks have happened in the past. For instance, tampered Ledger hardware wallets that stole cryptocurrency were physically mailed to targets, and gifts containing USB drives that installed malware were sent.

Since the database is no longer being sold, there’s a good chance a threat actor is trying to monetize it in some way through attacks. So, what can you do to protect yourself?

Stay vigilant and be cautious

Be wary of any physical mailings or emails you receive that claim to be from Dell, asking you to install software, change passwords, or perform some other potentially risky action. If you receive any suspicious communication, contact Dell directly to confirm its legitimacy.

Remember, knowledge is power, and staying informed about cybersecurity threats is essential to protecting yourself and your information. Don’t hesitate to contact us for more information and resources on cybersecurity, and keep coming back to learn more.



800K Users Compromised: The Alarming 2023 MOVEit Cyberattack Unleashed

Learn how the University System of Georgia suffered a massive data breach in 2023, exposing the personal information of over 800,000 individuals. Discover the role of the MOVEit attack and its impact on cybersecurity in the education sector. Stay informed on the latest data protection measures to keep your information safe.



Image: Georgia Institute of Technology Tech Tower (RobRainer)

Imagine waking up one day to find out your personal information, including your Social Security number and bank account details, has been stolen by cybercriminals. This is what happened to 800,000 individuals when the University System of Georgia (USG) fell victim to the notorious Clop ransomware gang in 2023.

USG, a state government agency responsible for operating 26 public colleges and universities in Georgia, was among the first to be compromised in a massive worldwide data theft campaign conducted by the Clop gang. They exploited a zero-day vulnerability in the Progress Software MOVEit Secure File Transfer solution, impacting thousands of organizations around the globe.

How the breach unfolded

With the help of the FBI and CISA, USG eventually determined that sensitive files had been stolen from its systems. Almost a year later, they began notifying the impacted individuals, revealing that the cybercriminals accessed the following information:

  • Full or partial (last four digits) Social Security number
  • Date of Birth
  • Bank account number(s)
  • Federal income tax documents with Tax ID number

Considering the type of information exposed and the fact that the number of impacted individuals is larger than the number of students under USG, it’s likely that prior students, academic staff, contractors, and other personnel were also affected.

USG submitted a sample of the data breach notice to the Office of the Maine Attorney General, stating that the data breach impacts 800,000 people. Interestingly, the entry on Maine’s portal also lists driver’s license numbers or identification card numbers as exposed data types, although these are not mentioned in the notice.

What’s being done to help the victims?

To help those affected, USG is now offering 12 months of identity protection and fraud detection services through Experian. Impacted individuals have until July 31, 2024, to enroll in these services.

Unfortunately, the MOVEit attacks by Clop were one of the most successful and prolific extortion operations in recent history. Over a year after the attacks took place, organizations are still discovering, confirming, and disclosing breaches, extending the aftermath of the cyber-attacks.

Emsisoft’s dedicated counter of MOVEit victims lists 2,771 impacted organizations and nearly 95 million individuals whose personal data now resides on Clop’s servers. Some of that data was published on Clop’s extortion portal on the dark web, some was sold to other cybercrime groups, and some remains to be monetized in the future.

What can you do to protect yourself?

This data breach serves as a stark reminder of the importance of cybersecurity and vigilance in our increasingly digital world. Organizations and individuals must prioritize cybersecurity measures, such as using strong, unique passwords, enabling multi-factor authentication, and regularly updating software and systems.

For more information on how to protect yourself and your organization from cyber threats, don’t hesitate to contact us. Our team at IT Services is dedicated to helping you stay safe in this ever-evolving digital landscape. Keep checking back for more insights and advice on cybersecurity!



Copyright © 2023 IT Services Network.