The FBI reports that a US citizen has been detained for allegedly orchestrating a data breach at his company. According to the US Department of Justice’s press release, Nickolas Sharp, 36, is suspected of “stealing terabytes of private information” from a New York-based wireless communications equipment maker.
The defendant then tried to extort almost $2 million from the company in exchange for the recovery of the stolen data and the discovery of a “backdoor” into the firm’s computer systems – all while “ostensibly seeking to fix the security breach,” according to the district attorney’s office.
The indictment reveals that Sharp, as an Amazon Web Services (AWS) cloud administrator, “repeatedly exploited” access credentials, including access to the company’s AWS and GitHub servers, to extract confidential material in December 2020. Sharp then emailed his company an anonymous ransom note in January 2021, demanding payment of 50 bitcoin, valued at approximately $1.9 million at the time. He allegedly disclosed a chunk of stolen material on a publicly available website when the firm refused to pay up.
According to the Department of Justice, the defendant harmed computer systems by altering log retention policies and other files to hide his unlawful network activities. The FBI revealed that Sharp allegedly used the Surfshark virtual private network (VPN) service to hide his IP address. However, due to a momentary internet failure at his house, his home IP address was inadvertently exposed while he was exfiltrating data.
Days later, Sharp, posing as an anonymous company whistle-blower, posted adverse news reports falsely alleging that the theft resulted from a hacker exploiting a flaw in the firm’s computer systems.
Sharp has been charged on multiple counts. The Department of Justice stated in a news statement that the charges in the indictment are only accusations and that the defendant is considered innocent unless and until proven guilty.