Wednesday, 30 March 2022 14:25

Ubiquiti files case against security blogger Krebs over 'false accusations'

Ubiquiti, a maker of wireless LAN and WiFi routers and access points, has filed a case against former Washington Post employee Brian Krebs, who publishes a security blog, alleging that he falsely accused the company of "covering up" a cyberattack by intentionally misleading customers about "a so-called data breach and subsequent blackmail attempt in violation of US federal law and SEC regulations".

The San Jose, California company sought a trial by jury to decide the charges which were filed by the law firm Clare Locke LLP. [corrected].

The case against Krebs was filed in the US District Court for the Eastern District of Virginia, Alexandria Division, on Tuesday.

Krebs wrote a story in March last year (which he later updated) that was fed to him by an ex-employee of Ubiquiti who was himself involved in the data theft and extortion bid while masquerading as a whistleblower and anonymous attacker. The ex-worker, Nickolas Sharp, was indicted by the US Department of Justice in December last year.

In its complaint, Ubiquiti said contrary to what Krebs had reported, the company had promptly notified its clients about the attack and instructed them to take additional security precautions to protect their information.

"Ubiquiti then notified the public in the next filing it made with the SEC. But Krebs intentionally disregarded these facts to target Ubiquiti and increase ad revenue by driving traffic to his website," the complaint alleged.

It said there was no evidence to support Krebs' claims and only one source, Nickolas Sharp.

The Ubiquiti complaint said when the DoJ issued a media release about Sharp's indictment, Krebs did not change his story in any way. "Krebs reviewed the press release and he knew that his sole source had been indicted for his criminal involvement in the cyberattack," it claimed.

"Despite these damning facts, Krebs published a story on his blog the next day doubling down on his false accusations against Ubiquiti and intentionally misleading his readers into believing that his earlier reporting was not sourced by Sharp, the hacker behind the attack.

"Instead of acknowledging that the source from his previous story was indicted by federal prosecutors for his crimes against Ubiquiti, Krebs calls Sharp 'a Ubiquiti employee' when referencing Sharp’s contributions to his reporting.

"But in the very next sentence, Krebs describes Sharp as 'a former Ubiquiti developer' who 'was arrested and charged with stealing data and trying to extort his employer while pretending to be a whistleblower'.”

According to the indictment issued by the DoJ against Sharp in December 2021, after publication of the articles in question on 30 and 31 March, Ubiquiti's stock price fell by about 20% and the company lost more than US$4 billion (A$5.32 billion) in market capitalisation.

The DoJ did not mention Sharp's employer, but Sergiu Gatlan, a reporter with the website Bleeping Computer, wrote that the details around the incident perfectly matched existing information on the Ubiquiti breach and also on Sharp's LinkedIn account.

Krebs' report appeared to have been the original, with four others (in the Washington Post, Cybereason, Apple Insider and ZDNet) citing it as the source in their reports, all of which appeared on or around 30 March.

The complaint charged that while the DoJ indictment was central to a follow-up story that Krebs published in December [screenshot above, right], he continued to repeat the false assertion that "[i]n March, a Ubiquiti employee warned that the company had drastically understated the scope of the incident, and that the third-party cloud provider claim was a fabrication".

The complaint alleged Krebs had intentionally misrepresented the truth because he had a financial incentive to do so, adding, "His entire business model is premised on publishing stories that conform to this narrative. Despite overwhelming facts showing that his reporting is pure fiction, Krebs has refused to retract or correct his disinformation campaign against Ubiquiti".

The complaint detailed the incident that led to the first story, saying that it had found suspicious activity on its cloud infrastructure on 28 December 2020 and then put together a team, which included Sharp, to investigate.

"A short time after Ubiquiti discovered the attack, the unknown 'hacker' sent an anonymous ransom note via the platform Keybase," the complaint said. "The 'hacker' claimed that he accessed Ubiquiti’s systems as an outsider and [had] taken information from Ubiquiti (including elements of its source code).

"The 'hacker' also demanded 25 bitcoin from Ubiquiti for the return of the data and the hacker’s silence and an additional 25 bitcoin for the hacker to reveal the location of a second 'backdoor' access point in Ubiquiti’s system. At the time, 50 bitcoin was worth approximately US$2 million." (A$2.66 million)

The second backdoor was identified by the investigators, hence Ubiquiti said it refused to pay any ransom and informed its customers about the incident, advising that they take steps to ensure they were safe.

The complaint said the company also informed investors and the public about the ransom note, and law enforcement as well. As Ubiquiti continued to investigate the ransom note and the suspicious activity on its cloud infrastructure, it said many factors led it to believe the attack was an inside job and that Sharp was behind the blackmail scheme.

"Through its investigation, Ubiquiti learned that Sharp had used his administrative access codes (which Ubiquiti provided to him as part of his employment) to download gigabytes of data. Sharp used a Virtual Private Network (VPN) to mask his online activity, and he also altered log retention policies and related files to conceal his wrongful actions," the complaint alleged.

"Ubiquiti shared this information with federal authorities and the company assisted the FBI’s investigation into Sharp’s blackmail attempt. The federal investigation culminated with the FBI executing a search warrant on Sharp’s home on 24 March 2021."

The complaint then went into detail about how Sharp contacted Krebs and how the story came to be published.

Krebs was accused of two counts of defamation, with Ubiquiti seeking a jury trial and asking for a judgment against him that awarded compensatory damages of more than US$75,000, punitive damages of US$350,000, all expenses and costs including lawyers' fees and any further relief deemed appropriate by the court.

iTWire has contacted Krebs and the law firm Clare Locke LLP for comment.



Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
