Ex-Ubiquiti employee here. Nick Sharp wasn't just a senior software engineer. He was the Cloud Lead and ran the whole cloud team. His LinkedIn profile will confirm it. This is why he had access to everything.
Nick had his hands in everything from GitHub to Slack and we could never understand why or how. He rose to power in the company by claiming to find a vulnerability that let him access the CEO's personal system, but nobody I spoke to ever knew what the vulnerability was. I discussed this with another ex-Ubiquiti person in an old thread [1] Now I'm positive he faked the security issue as a power move, just as he faked this attack for extortion purposes.
He would also harass people and use his control over Slack and GitHub against the people he didn't like. Many people left around this time partially because Nick made everything so difficult at the company. What a terribly depressing series of events.
Is this why Ubiquiti quality has fallen over the last ~2 years? I went all-in on Ubiquiti almost 3 years ago and I’ve been less than thrilled with the quality and level of support. This chaos that you say happened seems to line up with what I was seeing as a customer but everyone has been shocked at how UI has dropped in terms of quality.
If it makes you feel any better I worked with him at Nike in 2014 and he was a complete jerk then too. I’m surprised this didn’t happen sooner if anything. How do these people stay employed?
I've always been fascinated by the idea that intelligence lies within a spectrum. Someone might be incredibly smart about a narrow topic or field, yet be blind to their own stupidity within another realm.
To me, this seems like a classic example. To quote the press release: "During the execution of that search, SHARP made numerous false statements to FBI agents, including, among other things, in substance, that he was not the perpetrator of the Incident and that he had not used Surfshark VPN prior to the discovery of the Incident. When confronted with records demonstrating that SHARP purchased the Surfshark VPN service in July 2020, approximately six months prior to the Incident, SHARP falsely stated, in part and substance, that someone else must have used his PayPal account to make the purchase."
This man was a senior developer yet this quote sounds like it comes from a nine year-old. Not to mention "hire a lawyer, don't talk to the police" has always been pretty solid advice.
He now faces significant prison time, and the strong potential for a dismal life.
When faced correcting a false reality you have created, it can be quite hard to decide to phase change into telling the truth. The lies that come out come from not being prepared and not being a very good liar. For people who lie like this, a good way to think about it is as though it were a disease.
Actually intelligent people just don't do things like this, even if they have nefarious intent. There are quite smarter ways to accomplish substantially the same thing that this crime does not reflect.
I'm not convinced that this person was particularly intelligent in the first place.
> I've always been fascinated by the idea that intelligence lies within a spectrum. Someone might be incredibly smart about a narrow topic or field, yet be blind to their own stupidity within another realm.
I've been seriously bitten by this, and find it more scary than fascinating. Growing up, I thought people who followed cult leaders and charismatic narcissists were so stupid (still do), it appeared so transparent to me. Later, in my professional and adult life I found myself to be equally gullible when intelligent people were abusive or outright dumb in other areas. This has been a challenge to unlearn, like learning an old dog to sit. Basically, our proxies for predicting people's character range from bad to terrible.
> This man was a senior developer yet this quote sounds like it comes from a nine year-old.
Tech has a contempt culture problem, and this can be one manifestation of it: feeling that being moderately bright about getting computers to do things makes you a tremendous intellect, and everyone else around you an easily hoodwinked moron.
Perhaps the most extreme example was Hans Reiser. Anyone who followed the twists and turns of the case against him for murdering his wife will remember how many trivially disproved lies he told, apparently under the illusion that he was a mastermind who could put one over on the courts based on his faulty understanding of ideas like reasonable doubt.
It is very, VERY difficult to not answer questions from a trained law enforcement interrogator even if you a) are smart and b) know not to answer questions. I can't stress this enough.
It actually takes explicit training and practice, as it goes against every social habit and "instinct" we have developed throughout our entire adult lives.
Dude, let's not be generous. Could he write code? Yes. But this is a guy who wrote everything in Node, but absolutely _refused_ to use any existing libraries except for ones he personally wrote. He didn't "trust" them.
He wasn't even hired on as a dev, he was hired to be the "Cloud guy", essentially a sysadmin for AWS, and basically spooked the CEO into giving him the keys to the castle.
Mr. Sharp is apparently not so sharp. He carried out the attack from his home network. He connected directly for enough time that his bare IP was logged. The rest of the time, he carried out the attack using a commercially purchased VPN solution that was trivial to trace back to him via the purchase record. He lied to the FBI. (I have yet to understand why people talk to law enforcement instead of staying silent so as to not implicate themselves.) And, for no apparently good reason (meaning, there's no claim of him shorting the stock), after the raid, he seeded fake news that drove the company's stock down 20%.
(I have yet to understand why people talk to law enforcement instead of staying silent so as to not implicate themselves.)
When the FBI knock at the door you totally do the whole "no comment/talk to my lawyer" thing. But what happens next if you're actually part of an investigation is they hand you a grand jury subpoena (which they were going to do anyway, even if you just talked willingly, because they have already gone to the trouble of asking a judge to issue one and have it with them by the time they ring your doorbell)
That subpoena is likely to require you to hand over any digital records you have related to the investigation (you can't plead 5th on that) and turn up at a time and place to be interviewed (you have to turn up, even if it's on the other side of the country eg in the Southern District of NY in Manhattan and you live in SF Bay Area). BTW I don't think people widely realize the government has the power to compel you to hand over EVERY piece of material you have on a given subject they are investigating - eg search and share anything from every email you have ever received since you signed up for GMail in 2004, etc.
You can plead 5th during the interview but if you have material information (or are actually guilty) and knowing they have all of the documentation subpoenaed and whatever other evidence from other subjects/targets/witnesses, it will likely help you at that point to be cooperative via guidance from your attorney. Remaining silent at that point is just going to leave you at the mercy of whatever other witnesses/subjects/targets convey and their own conclusions from the subpoenas.
If you are on a visa or green card you almost certainly can't plead the 5th because they can leverage your right to remain in the US.
So, that's why people typically talk to the FBI. It's not at the doorstep when they first engage you, it's once you have been compelled to participate.
While I agree that the mistake Mr. Sharp made -- it sounds like he had a network disconnection which briefly caused him to perform actions via his home IP address, rather than his VPN address -- we also don't know everything here. It doesn't sound like the guy was all that sophisticated. Using a VPN provider, in the first place, can make you a whole lot easier to be caught depending on the circumstances/provider trustworthiness/jurisdictions. I recall that there were providers which accepted cryptocurrency, but chances are good if he couldn't figure out how to block all traffic when the VPN was down, he'd have made several mistakes trying to keep the Bitcoin/Ethereum from being traced back to him.
For a crime like this -- as serious as this was, with the damages involved, the company and its internal resources/practices -- he probably had no prayer of getting away with it and in a Dunning-Kruger-like manner, he not only didn't know what he didn't know, I don't think there's any way he could have known enough about his adversary's capabilities to get away with it long term.
If a criminal wishes to be successful in getting away with a serious crime without getting caught over their lifetime, that criminal must successfully thwart detection from all current and future technologies. I mention serious because those crimes often do not have a statute of limitations these days. I'm assuming a perfect law enforcement body that similarly makes no mistakes, so a "luck factor" weighs in, but given a (not too) high-profile crime with motivation, budget, competent investigators and expanding technology, I'll law enforcement is gong to rank higher in the luck category.
It's not enough to look at what they're capable of currently. Consider this scenario: A murderer with Type O+ blood (with other common properties) strangles a man with a wire in 1980 leaving behind only that wire as evidence. In the struggle, the wire also cut the murderers hand and deposited a tiny drop of their blood on it. Being that it was a small item stored for an open case and was well preserved, it's still there, today. Luck. Back in 1980, it was of little evidentiary value. Today, that drop has a good chance of producing a DNA profile. Has the murderer been arrested (not convicted) of a felony in the last few decades? They'll probably be caught. Did a family member use certain (do they all do this?) consumer DNA services? Their family might be found, which will narrow the suspect down to a pool of people. Forget drawing suspicions by getting warrants, because it takes so little biological material and you deposit it everywhere you go, the police just wait for garbage day or follow you around town, grab something that came into contact with your mouth and they've get a profile (which will be used to get an easy warrant for a blood sample to confirm it).
Budding criminals, are you storing all of your secret plans on your drive in a bullet-proof encrypted manner and ensuring that it is airgapped? Are you doing all of your secret research on a similarly configured device, but configured to ensure all networking only works via Tor? Are you sure you didn't make a mistake that couldn't rise to the standards required to get a warrant to image your drive/take your equipment (that's hopefully turned off)? That bullet-proof encryption is rotting, and 30 years from now could represent a small hurdle above plain text.
And what happens when the time required to investigate crimes is reduced further? "We'll get around to bike theft when we're done solving all of the murders."
But what if solving a small percentage of the bike thefts went from "complaint" to "likely suspect" almost instantly if certain circumstances were right. For instance, imagine law enforcement could automate geo-fence style warrant requests (requests to get "people in a location at a certain time" from Gooble/Apple/mobile phone provider histories[0]) for every bike theft where the bike was stolen from an area infrequently traveled where and the time of the theft is known to within an hour. For any where the there was exactly one person logged, you have a person of interest -- probably the thief. Not enough evidence to prove a crime, but enough to scare some of the petty thieves into giving up more evidence through questioning (or maybe just give up). It's a stretch, on purpose -- but as technology make solving crimes less costly, less serious crimes will be prosecuted more frequently/reliably.
Full disclosure: My only credentials in this area are working in Corporate Security at a multi-national (large) telecom company for a brief stint and in a security/development capacity for most of my career; except for that brief stint, all of my work has been on the defensive/strategic side, not on the investigative side, and never with violent crimes of any kind. I simply enjoy security topics, in general, but if I've shown my ignorance in a few areas, my apologies and feel free to correct.
[0] Assuming this data is kept long enough; I am going to hazard a guess that it is a lot longer than most people think.
Damn. I remember reading about the original "hack" here and getting very concerned about the level of access ascertained by the attacker. I'm almost relieved it was a foolishly clumsy inside job and some of the initial hypotheses about rogue nation state root access to UI devices did not materialize. Brazen, indeed, for him to also have been on the team tasked with cleaning it up.
He could've prevent all of this by a) making sure his traffic was blackholed when the VPN went down and b) adding another layer from a free service (like TOR or a proxy or another VPN). He also should've been actively using the VPN so his traffic patterns wouldn't stand out as much, and so his purchase would be justifiable. If he really did buy the VPN 6 months ahead then he was a fool to leave the subscription dormant. If he wanted a fire and forget VPN subscription, he also could've bought the subscription with stolen credit cards. He would've had to make sure to only connect to the VPN through something like TOR, but credit card fraud is pretty difficult to trace if you do it right.
Had he put in a little more thought and preparation then I still don't know if he would've gotten away with it, but at least he'd be in a better position. He wouldn't have to lie to the FBI agents and they probably would've had to catch him by going after the source of the place where the data was leaked instead.
Opsec is hard, but this is just embarrassing for someone in the know trying to steal 50 bitcoin. I'm also not sure why he did it. Suddenly owning a few million in crypto would be noticed, unless he didn't spend any of it, ever. What was his plan, just quit his job and move away right after the hack?
I really dislike theses kinds of comments in theses kind of posts. This is just bragging.
I would like the bad people to be caught and you are just giving away free advice to any future thief like him and also kind of encouraging other people which is kind of worrisome.
Privacy is a double edge sword and this is case that I happy that he was caught because of his lack of knowledge.
I do that that the media that breathlessly amplified this persons attack should learn from it. In particular, As much as I like and appreciate his reporting, Brian Krebs was the key person amplifying this message - which makes him a unwitting accomplice to many billions of dollars of damage to ubiquiti shareholders.
Brian Krebs isn't a good reporter or a good person. He has a history of doxxing people without basis (or for the basis of leaving bad reviews on his books).
It disappoints me that he has the audience he does.
Couple things that stood out to me was that the incident occurs in December and the raid ensues March 24th, so roughly 3 months. Building the case I presume.
Then after the raid, the accused doubles down and seeds fake news stories.
I'm a big fan of a show called "Forensic Files", which is like a real-life CSI where each episode is a documentary and only takes 20 minutes (I highly recommend).
In addition to the the usual passion killings and random murders, there is the occasional criminal that thinks they are way smarter than everyone else and doubles or triples down even as the noose is tightening, because they 100% believe they are geniuses and will get away with it.
In this episode a member of Mensa, who enjoyed staging murder mystery dinner parties for his Mensa friends, poisoned his neighbor over loud music and barking dogs, and thought he was such a criminal mastermind that he could talk his way out of it. These people have mental disorders.
It sounds like he got caught because his VPN dropped during some sort of outage. It's funny because I feel like "don't do crime from your home network" should be an incredibly obvious concept.
A quick search revealed a LinkedIn profile[0] of a previous Ubiquiti employee, he seemed to have left the company in March 2021. I wonder what was first, he quitting his job at Ubiquiti or the FBI Raid.
" SHARP subsequently re-victimized his employer by causing the publication of misleading news articles about the company’s handling of the breach that he perpetrated,
which were followed by a significant drop in the company’s share price associated with the loss of billions of dollars in its market capitalization."
As a customer, the one thing I really want to know is whether or not the company is dealing with this in a manner that helps me decide if I should continue being a customer.
Do they understand that they may need to fire the CEO given that the CEO probably is the weakest link here? Do they have sufficient liquidity and capital to invest in resetting the culture and hiring people who can turn this around?
The things that really jumped at me looking at his LinkedIn profile were 1) job hopper and 2) lots of overlapping - perhaps it was all part time gigs but some of the overlap surprised me. I was shocked at the number of sub-year positions.
This is why I think it is important to self host things and I applaud Ubiquiti for allowing UNMS/UISP to be self hosted for free. As far as I understand it our UNMS was never at risk from this problem.
Yea quite the playbook there... ransom the company pretending to be a hacker, then pretend to be a whistleblower saying the company is burying the fact that the company is being ransomed..
So what's a good alternative to Ubiquiti hardware? Is there some guides/community for standard x86_64/arm64 computers and PCIe cards to be used as professional-grade routers and wifi access point at a low price range? Turris Omnia looks pretty cool but it's really too expensive for non-profits.
Is OpenWRT or OPNSense the way to go? Or is there some more generic web dashboard you can run on any GNU/Linux or BSD system?
Brian Krebs’ article interviewing the whistleblower took this to DEFCON 1 for Ubiquiti. It’s really crazy how Mr. Sharp was able to trick all of his victims.
> At one point during the exfiltration of Company-1 data, SHARP’s home IP address became unmasked following a temporary internet outage at SHARP’s home.
This seems to explain how this comes down after less than a year since the incident. Surfshark now supports an outage related kill switch, not sure if that's a new feature.
[+] [-] ex_ubiquiti|4 years ago|reply
Nick had his hands in everything from GitHub to Slack and we could never understand why or how. He rose to power in the company by claiming to find a vulnerability that let him access the CEO's personal system, but nobody I spoke to ever knew what the vulnerability was. I discussed this with another ex-Ubiquiti person in an old thread [1] Now I'm positive he faked the security issue as a power move, just as he faked this attack for extortion purposes.
He would also harass people and use his control over Slack and GitHub against the people he didn't like. Many people left around this time partially because Nick made everything so difficult at the company. What a terribly depressing series of events.
[1] https://news.ycombinator.com/item?id=26694945
[+] [-] baskethead|4 years ago|reply
[+] [-] throwaway-swsh|4 years ago|reply
[+] [-] pdimitar|4 years ago|reply
But IMO the truly depressing event here is management refusing to do anything until it was too late. What are they even paid for?
[+] [-] neom|4 years ago|reply
[+] [-] unknown|4 years ago|reply
[deleted]
[+] [-] stef25|4 years ago|reply
Do you mean he got promotions cause he found a non existent vuln? Surely whoever handed out those promotions is to blame here?
[+] [-] LiquidPolymer|4 years ago|reply
To me, this seems like a classic example. To quote the press release: "During the execution of that search, SHARP made numerous false statements to FBI agents, including, among other things, in substance, that he was not the perpetrator of the Incident and that he had not used Surfshark VPN prior to the discovery of the Incident. When confronted with records demonstrating that SHARP purchased the Surfshark VPN service in July 2020, approximately six months prior to the Incident, SHARP falsely stated, in part and substance, that someone else must have used his PayPal account to make the purchase."
This man was a senior developer yet this quote sounds like it comes from a nine year-old. Not to mention "hire a lawyer, don't talk to the police" has always been pretty solid advice.
He now faces significant prison time, and the strong potential for a dismal life.
[+] [-] colechristensen|4 years ago|reply
When faced correcting a false reality you have created, it can be quite hard to decide to phase change into telling the truth. The lies that come out come from not being prepared and not being a very good liar. For people who lie like this, a good way to think about it is as though it were a disease.
Actually intelligent people just don't do things like this, even if they have nefarious intent. There are quite smarter ways to accomplish substantially the same thing that this crime does not reflect.
I'm not convinced that this person was particularly intelligent in the first place.
[+] [-] klabb3|4 years ago|reply
I've been seriously bitten by this, and find it more scary than fascinating. Growing up, I thought people who followed cult leaders and charismatic narcissists were so stupid (still do), it appeared so transparent to me. Later, in my professional and adult life I found myself to be equally gullible when intelligent people were abusive or outright dumb in other areas. This has been a challenge to unlearn, like learning an old dog to sit. Basically, our proxies for predicting people's character range from bad to terrible.
[+] [-] rodgerd|4 years ago|reply
Tech has a contempt culture problem, and this can be one manifestation of it: feeling that being moderately bright about getting computers to do things makes you a tremendous intellect, and everyone else around you an easily hoodwinked moron.
Perhaps the most extreme example was Hans Reiser. Anyone who followed the twists and turns of the case against him for murdering his wife will remember how many trivially disproved lies he told, apparently under the illusion that he was a mastermind who could put one over on the courts based on his faulty understanding of ideas like reasonable doubt.
[+] [-] sneak|4 years ago|reply
It actually takes explicit training and practice, as it goes against every social habit and "instinct" we have developed throughout our entire adult lives.
[+] [-] dagw|4 years ago|reply
I knew a senior developer doing advanced R&D at a big tech company, who also kept getting suckered into MLM scams.
[+] [-] _pplp|4 years ago|reply
Dude, let's not be generous. Could he write code? Yes. But this is a guy who wrote everything in Node, but absolutely _refused_ to use any existing libraries except for ones he personally wrote. He didn't "trust" them.
He wasn't even hired on as a dev, he was hired to be the "Cloud guy", essentially a sysadmin for AWS, and basically spooked the CEO into giving him the keys to the castle.
[+] [-] millzlane|4 years ago|reply
[+] [-] nathanvanfleet|4 years ago|reply
[+] [-] mjamil|4 years ago|reply
[+] [-] dotBen|4 years ago|reply
When the FBI knock at the door you totally do the whole "no comment/talk to my lawyer" thing. But what happens next if you're actually part of an investigation is they hand you a grand jury subpoena (which they were going to do anyway, even if you just talked willingly, because they have already gone to the trouble of asking a judge to issue one and have it with them by the time they ring your doorbell)
That subpoena is likely to require you to hand over any digital records you have related to the investigation (you can't plead 5th on that) and turn up at a time and place to be interviewed (you have to turn up, even if it's on the other side of the country eg in the Southern District of NY in Manhattan and you live in SF Bay Area). BTW I don't think people widely realize the government has the power to compel you to hand over EVERY piece of material you have on a given subject they are investigating - eg search and share anything from every email you have ever received since you signed up for GMail in 2004, etc.
You can plead 5th during the interview but if you have material information (or are actually guilty) and knowing they have all of the documentation subpoenaed and whatever other evidence from other subjects/targets/witnesses, it will likely help you at that point to be cooperative via guidance from your attorney. Remaining silent at that point is just going to leave you at the mercy of whatever other witnesses/subjects/targets convey and their own conclusions from the subpoenas.
If you are on a visa or green card you almost certainly can't plead the 5th because they can leverage your right to remain in the US.
So, that's why people typically talk to the FBI. It's not at the doorstep when they first engage you, it's once you have been compelled to participate.
Related/useful: https://www.natlawreview.com/article/you-received-grand-jury...
Source: happened to me a number of years ago, although I wasn't guilty of anything. Lawyered up, cooperated, no further action. Wasn't pleasant.
IANAL, not legal advice
[+] [-] mdip|4 years ago|reply
For a crime like this -- as serious as this was, with the damages involved, the company and its internal resources/practices -- he probably had no prayer of getting away with it and in a Dunning-Kruger-like manner, he not only didn't know what he didn't know, I don't think there's any way he could have known enough about his adversary's capabilities to get away with it long term.
If a criminal wishes to be successful in getting away with a serious crime without getting caught over their lifetime, that criminal must successfully thwart detection from all current and future technologies. I mention serious because those crimes often do not have a statute of limitations these days. I'm assuming a perfect law enforcement body that similarly makes no mistakes, so a "luck factor" weighs in, but given a (not too) high-profile crime with motivation, budget, competent investigators and expanding technology, I'll law enforcement is gong to rank higher in the luck category.
It's not enough to look at what they're capable of currently. Consider this scenario: A murderer with Type O+ blood (with other common properties) strangles a man with a wire in 1980 leaving behind only that wire as evidence. In the struggle, the wire also cut the murderers hand and deposited a tiny drop of their blood on it. Being that it was a small item stored for an open case and was well preserved, it's still there, today. Luck. Back in 1980, it was of little evidentiary value. Today, that drop has a good chance of producing a DNA profile. Has the murderer been arrested (not convicted) of a felony in the last few decades? They'll probably be caught. Did a family member use certain (do they all do this?) consumer DNA services? Their family might be found, which will narrow the suspect down to a pool of people. Forget drawing suspicions by getting warrants, because it takes so little biological material and you deposit it everywhere you go, the police just wait for garbage day or follow you around town, grab something that came into contact with your mouth and they've get a profile (which will be used to get an easy warrant for a blood sample to confirm it).
Budding criminals, are you storing all of your secret plans on your drive in a bullet-proof encrypted manner and ensuring that it is airgapped? Are you doing all of your secret research on a similarly configured device, but configured to ensure all networking only works via Tor? Are you sure you didn't make a mistake that couldn't rise to the standards required to get a warrant to image your drive/take your equipment (that's hopefully turned off)? That bullet-proof encryption is rotting, and 30 years from now could represent a small hurdle above plain text.
And what happens when the time required to investigate crimes is reduced further? "We'll get around to bike theft when we're done solving all of the murders." But what if solving a small percentage of the bike thefts went from "complaint" to "likely suspect" almost instantly if certain circumstances were right. For instance, imagine law enforcement could automate geo-fence style warrant requests (requests to get "people in a location at a certain time" from Gooble/Apple/mobile phone provider histories[0]) for every bike theft where the bike was stolen from an area infrequently traveled where and the time of the theft is known to within an hour. For any where the there was exactly one person logged, you have a person of interest -- probably the thief. Not enough evidence to prove a crime, but enough to scare some of the petty thieves into giving up more evidence through questioning (or maybe just give up). It's a stretch, on purpose -- but as technology make solving crimes less costly, less serious crimes will be prosecuted more frequently/reliably.
Full disclosure: My only credentials in this area are working in Corporate Security at a multi-national (large) telecom company for a brief stint and in a security/development capacity for most of my career; except for that brief stint, all of my work has been on the defensive/strategic side, not on the investigative side, and never with violent crimes of any kind. I simply enjoy security topics, in general, but if I've shown my ignorance in a few areas, my apologies and feel free to correct.
[0] Assuming this data is kept long enough; I am going to hazard a guess that it is a lot longer than most people think.
[+] [-] 1cvmask|4 years ago|reply
[+] [-] akersten|4 years ago|reply
[+] [-] jeroenhd|4 years ago|reply
Had he put in a little more thought and preparation then I still don't know if he would've gotten away with it, but at least he'd be in a better position. He wouldn't have to lie to the FBI agents and they probably would've had to catch him by going after the source of the place where the data was leaked instead.
Opsec is hard, but this is just embarrassing for someone in the know trying to steal 50 bitcoin. I'm also not sure why he did it. Suddenly owning a few million in crypto would be noticed, unless he didn't spend any of it, ever. What was his plan, just quit his job and move away right after the hack?
[+] [-] stef25|4 years ago|reply
Now they're looking at you from two angels.
Instead of all this jumping through hoops with anonymous VPN and payment methods, why not just do it from Starbucks?
[+] [-] miyuru|4 years ago|reply
I would like the bad people to be caught and you are just giving away free advice to any future thief like him and also kind of encouraging other people which is kind of worrisome.
Privacy is a double edge sword and this is case that I happy that he was caught because of his lack of knowledge.
[+] [-] adrr|4 years ago|reply
[+] [-] charcircuit|4 years ago|reply
[+] [-] stefan_|4 years ago|reply
[+] [-] InTheArena|4 years ago|reply
Responsible disclosure exists for a reason.
[+] [-] sneak|4 years ago|reply
It disappoints me that he has the audience he does.
[+] [-] tptacek|4 years ago|reply
[+] [-] djweis|4 years ago|reply
[+] [-] fastball|4 years ago|reply
[+] [-] jimsparkman|4 years ago|reply
Couple things that stood out to me was that the incident occurs in December and the raid ensues March 24th, so roughly 3 months. Building the case I presume.
Then after the raid, the accused doubles down and seeds fake news stories.
[+] [-] seibelj|4 years ago|reply
In addition to the the usual passion killings and random murders, there is the occasional criminal that thinks they are way smarter than everyone else and doubles or triples down even as the noose is tightening, because they 100% believe they are geniuses and will get away with it.
Example: https://www.youtube.com/watch?v=mVVL_U4BTGs
In this episode a member of Mensa, who enjoyed staging murder mystery dinner parties for his Mensa friends, poisoned his neighbor over loud music and barking dogs, and thought he was such a criminal mastermind that he could talk his way out of it. These people have mental disorders.
[+] [-] ocdtrekkie|4 years ago|reply
[+] [-] bithavoc|4 years ago|reply
[0] https://www.linkedin.com/in/nickolassharp
[+] [-] oars|4 years ago|reply
That's almost $5 billion wiped off the company's market capitalisation because of this employee.
[+] [-] zamadatix|4 years ago|reply
I mean Nick Sharp certainly took a chunk out of them but there is more to the story for why the market lost that much faith.
[+] [-] hedora|4 years ago|reply
[+] [-] Ice_cream_suit|4 years ago|reply
which were followed by a significant drop in the company’s share price associated with the loss of billions of dollars in its market capitalization."
[+] [-] bborud|4 years ago|reply
Do they understand that they may need to fire the CEO given that the CEO probably is the weakest link here? Do they have sufficient liquidity and capital to invest in resetting the culture and hiring people who can turn this around?
[+] [-] fencepost|4 years ago|reply
[+] [-] blitzar|4 years ago|reply
I thought it was meant to be hard out there in tech valley ?
[+] [-] Maxburn|4 years ago|reply
[+] [-] xt00|4 years ago|reply
[+] [-] wnevets|4 years ago|reply
[+] [-] southerntofu|4 years ago|reply
Is OpenWRT or OPNSense the way to go? Or is there some more generic web dashboard you can run on any GNU/Linux or BSD system?
[+] [-] virogenesis|4 years ago|reply
I am a satisfied user of their software (and hardware) for the past 10years.
If you don't mind the rather rustic interface, it should be as closest to a professional grade cisco as you can get.
[+] [-] z80x86|4 years ago|reply
https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-b...
[+] [-] phnofive|4 years ago|reply
This seems to explain how this comes down after less than a year since the incident. Surfshark now supports an outage related kill switch, not sure if that's a new feature.