"A short time after Ubiquiti discovered the attack, the unknown 'hacker' sent an anonymous ransom note via the platform Keybase," the complaint said. The complaint detailed the incident that led to the first story, saying that it had found suspicious activity on its cloud infrastructure on 28 December 2020 and then put together a team, which included Sharp, to investigate. Despite overwhelming facts showing that his reporting is pure fiction, Krebs has refused to retract or correct his disinformation campaign against Ubiquiti". The complaint alleged Krebs had intentionally misrepresented the truth because he had a financial incentive to do so, adding, "His entire business model is premised on publishing stories that conform to this narrative. The complaint charged that while the DoJ indictment was central to a follow-up story that Krebs published in December, he continued to repeat the false assertion that “n March, a Ubiquiti employee warned that the company had drastically understated the scope of the incident, and that the third-party cloud provider claim was a fabrication". The Krebs' report appeared to have been the original with four others - in the Washington Post, Cybereason, Apple Insider and ZDNet - citing Krebs' report as the source in their reports, all of which appeared on or around 30 March.
The DoJ did not mention Sharp's employer, but Sergiu Gatlan, a reporter with the website Bleeping Computer, wrote that the details around the incident perfectly matched existing information on the Ubiquiti breach and also on Sharp's LinkedIn account. "But in the very next sentence, Krebs describes Sharp as 'a former Ubiquiti developer' who 'was arrested and charged with stealing data and trying to extort his employer while pretending to be a whistleblower'.”Īccording to the indictment issued by the DoJ against Sharp in December 2021, after publication of the articles in question on 30 and 31 March, Ubiquiti's stock price fell by about 20% and the company lost more than US$4 billion (A$5.32 billion) in market capitalisation. "Instead of acknowledging that the source from his previous story was indicted by federal prosecutors for his crimes against Ubiquiti, Krebs calls Sharp 'a Ubiquiti employee' when referencing Sharp’s contributions to his reporting. "Despite these damming facts, Krebs published a story on his blog the next day doubling down on his false accusations against Ubiquiti and intentionally misleading his readers into believing that his earlier reporting was not sourced by Sharp, the hacker behind the attack. "Krebs reviewed the press release and he knew that his sole source had been indicted for his criminal involvement in the cyberattack," it claimed. The Ubiquiti complaint said when the DoJ issued a media release about Sharp's indictment, Krebs did not change his story in any way. It said there was no evidence to support Krebs' claims and only one source, Nickolas Sharp. But Krebs intentionally disregarded these facts to target Ubiquiti and increase ad revenue by driving traffic to his website, the complaint alleged. "Ubiquiti then notified the public in the next filing it made with the SEC. In its complaint, Ubiquiti said contrary to what Krebs had reported, the company had promptly notified its clients about the attack and instructed them to take additional security precautions to protect their information.
The ex-worker, Nickolas Sharpe, was indicted by the US Department of Justice in December last year. Krebs wrote a story in March last year - which he later updated - which was fed to him by an ex-employee of Ubiquiti who was himself involved in the data theft and extortion bid, while he masqueraded as a whistleblower and anonymous attacker. The case against Krebs was filed in the US District Court for the eastern District of Virginia, Alexandria Division, on Tuesday.
The San Jose, California company sought a trial by jury to decide the charges which were filed by the law firm Clare Locke LLP.