- Apr 24, 2016
Ubiquiti, a maker of wireless LAN and WiFi routers and access points, has filed a case against former Washington Post employee Brian Krebs, who publishes a security blog, alleging that he falsely accused the company of "covering up" a cyberattack by intentionally misleading customers about "a so-called data breach and subsequent blackmail attempt in violation of US federal law and SEC regulations".
Krebs wrote a story in March last year — which he later updated — which was fed to him by an ex-employee of Ubiquiti who was himself involved in the data theft and extortion bid, while he masqueraded as a whistleblower and anonymous attacker. The ex-worker, Nickolas Sharpe, was indicted by the US Department of Justice in December last year.
In its complaint, Ubiquiti said contrary to what Krebs had reported, the company had promptly notified its clients about the attack and instructed them to take additional security precautions to protect their information.
"Ubiquiti then notified the public in the next filing it made with the SEC. But Krebs intentionally disregarded these facts to target Ubiquiti and increase ad revenue by driving traffic to his website, www.KrebsOnSecurity.com," the complaint alleged.
It said there was no evidence to support Krebs' claims and only one source, Nickolas Sharp.
The Ubiquiti complaint said when the DoJ issued a media release about Sharp's indictment, Krebs did not change his story in any way. "Krebs reviewed the press release and he knew that his sole source had been indicted for his criminal involvement in the cyberattack," it claimed.
"Despite these damming facts, Krebs published a story on his blog the next day doubling down on his false accusations against Ubiquiti and intentionally misleading his readers into believing that his earlier reporting was not sourced by Sharp, the hacker behind the attack.
"Instead of acknowledging that the source from his previous story was indicted by federal prosecutors for his crimes against Ubiquiti, Krebs calls Sharp 'a Ubiquiti employee' when referencing Sharp’s contributions to his reporting.
"But in the very next sentence, Krebs describes Sharp as 'a former Ubiquiti developer' who 'was arrested and charged with stealing data and trying to extort his employer while pretending to be a whistleblower'.”
According to the indictment issued by the DoJ against Sharp in December 2021, after publication of the articles in question on 30 and 31 March, Ubiquiti's stock price fell by about 20% and the company lost more than US$4 billion (A$5.32 billion) in market capitalisation.