This is a crime story with several interesting twists. Probably the biggest news is this part:
… Former Ubiquiti developer. He was allegedly charged with stealing data and attempting to blackmail his employer while pretending to be a whistleblower.
Impersonating a whistleblower to gain power or extort money is a particularly serious act, as it can undermine all legitimate whistleblowers.
But to put it another way, staff seem to tend to attack employers while claiming protected status, as they seek to align their personal interests with a greater interest.
I remember people asking me about their true opposition to Google because Tristan Harris suspiciously branded the whistleblower.
He wasn’t personally profitable enough and seemed most angry that he wasn’t given more power. For him, the wrong people got all the money and fame. Thus, Tristan has shown a way to go far beyond that and has become famous and wealthy, primarily using his experience at Google.
My favorite takedown of Tristan comes from his less ethical self-promotional film disguised as a documentary.
This movie is designed to showcase Tristan Harris, who probably occupies one-third of the screen time. Tristan made a name for himself as Google’s internal “ethicist” for some time before becoming a great prophet that “Internet companies are trying to manipulate us.” But, as others have pointed out, Tristan has a habit of making things very exaggerated and misleading. As just one example, which Antonio García Martinez emphasizes in his must-read dismantling of the movie, Harris claims that earlier technologies like bicycles didn’t have the same problem. But, as Antonio points out, there was actually a pretty big moral panic about the bike …
Unable to appear in a Netflix movie about a company doing bad things like Netflix, Netflix came across as a giant nail in Tristan trying to claim the status of a whistleblower.
Shameless. But this also does not change the fact that someone attacking a former employer could actually expose serious mistakes by that employer.
The second notable point of the Ubiquiti crime story, instead, is how the whistleblower was exposed because he made a serious mistake.
According to the complaint, Sharp downloaded a large amount of proprietary data on Amazon’s AWS cloud service using his still functional privileged access to Ubiquiti’s system after securing a job at another company.
Sharp used a SurfShark VPN connection to mask the real IP address to cover his tracks. He then sent a ransom note to Ubiquiti using the same cover, requesting 25 Bitcoins in exchange for a promise not to share the data.
However, his unstable internet connection temporarily failed multiple times and his actual IP address was revealed, allowing investigators to track the download to Sharp. And he forgot to turn on the Kill Switch on SurfShark VPN. By default this is off.
As I said, Ubiquiti was exposed as using AWS infrastructure in a very insecure configuration, not to mention allowing large-scale extraction of data and leaving privileged access for former staff still enabled.
However, in this case, much more interesting is Sharp being not so sharp. (They say the only criminals are the fools, because if they were wise they would never be prosecuted for being criminals.)
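From the defender's side, the leak described above shows up as a credential whose source address changes briefly in the middle of otherwise consistent activity. The following is an added example, not code from the original post or the complaint; the log format, credential names and addresses (documentation ranges) are constructed assumptions:

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log records: time, principal, source IP, action.
# Addresses are RFC 5737 documentation ranges; nothing here comes from the case.
SAMPLE_LOG = """\
2021-01-01T03:00:05Z admin-key-1 198.51.100.7 GetObject
2021-01-01T03:01:10Z admin-key-1 198.51.100.7 GetObject
2021-01-01T03:02:40Z admin-key-1 203.0.113.25 GetObject
2021-01-01T03:03:15Z admin-key-1 198.51.100.7 GetObject
2021-01-01T03:04:00Z admin-key-1 198.51.100.7 ListBuckets
2021-01-01T09:00:00Z ci-key-2 192.0.2.10 GetObject
2021-01-01T09:05:00Z ci-key-2 192.0.2.10 GetObject
"""

def parse(log_text):
    """Turn whitespace-separated log lines into time-sorted event tuples."""
    events = []
    for line in log_text.splitlines():
        ts, principal, ip, action = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), principal, ip, action))
    return sorted(events)

def find_ip_leaks(events, window=timedelta(minutes=5)):
    """Flag events where a credential briefly appears from a different IP
    in the middle of activity that otherwise comes from one address."""
    by_principal = defaultdict(list)
    for ev in events:
        by_principal[ev[1]].append(ev)
    findings = []
    for principal, evs in by_principal.items():
        dominant_ip = Counter(e[2] for e in evs).most_common(1)[0][0]
        for i, (ts, _, ip, action) in enumerate(evs):
            if ip == dominant_ip:
                continue
            # Require dominant-IP activity shortly before AND after: the
            # signature of a tunnel dropping and reconnecting mid-session.
            before = any(e[2] == dominant_ip and ts - e[0] <= window for e in evs[:i])
            after = any(e[2] == dominant_ip and e[0] - ts <= window for e in evs[i + 1:])
            if before and after:
                findings.append({"principal": principal, "time": ts.isoformat(),
                                 "leaked_ip": ip, "usual_ip": dominant_ip, "action": action})
    return findings

if __name__ == "__main__":
    for finding in find_ip_leaks(parse(SAMPLE_LOG)):
        print(finding)
```

A single flagged event is enough to pivot on: the minority address can then be compared against ISP or corporate records, which a shared VPN exit address does not allow.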
After breaking the basics of buying a VPN, he broke the basics of a VPN configuration (probably because he’s not only sloppy and incompetent, but impatient).
… Investigators could also link the attacker’s VPN connection to a SurfShark account purchased with Sharp’s PayPal account.
The cost of SurfShark is so small that it is questionable why Sharp didn’t consider paying anonymously.
In this case, you need to ask why SurfShark is pitching security online, even though there is no warning that SurfShark will disclose your personal information (IP address) by default.
In fact, the opposite is true: enabling “Kill Switch” brings a warning that protecting the connection may cause it to stop.
This seems to be a very selfish and misleading choice by SurfShark: it fails at basic confidentiality in order to improve availability and the user experience, yet no one pays for a VPN to get better availability than they would have without one.
VPN kill switch configuration reveals fake ubiquity whistleblowers
https://www.flyingpenguin.com/?p=36901