A Ubiquiti developer has been charged with stealing data from the company and extortion attempts totalling $2m in what prosecutors claim was a vicious campaign to harm the firm’s share price – including allegedly planting fake press stories about the breaches.
US federal prosecutors claimed that 36-year-old Nickolas Sharp had used his “access as a trusted insider” to steal data from his employer’s AWS and GitHub instances before “posing as an anonymous hacker” to send a ransom demand of 50 Bitcoins.
The DoJ statement does not mention Sharp’s employer by name, but a Linkedin account in Sharp’s name says he worked for Ubiquiti as a cloud lead between August 2018 and March 2021, having previously worked for Amazon as a software development engineer.
In an eyebrow-raising indictment [PDF, 19 pages, non-searchable] prosecutors claim Sharp not only pwned his employer’s business from the inside but joined internal damage control efforts, and allegedly posed as a concerned whistleblower to make false claims about the company wrongly downplaying the attack’s severity, wiping $4bn off its market capitalisation.
Criminal charges were filed overnight in an American federal court against Sharp, of Portland, Oregon. The indictment valued the 50 Bitcoins at $1.9m “based on the prevailing exchange rate at the time.”
US attorney Damian Williams said in a US Justice Department statement: “As further alleged, after the FBI searched his home in connection with the theft, Sharp, now posing as an anonymous company whistle-blower, planted damaging news stories falsely claiming the theft had been by a hacker enabled by a vulnerability in the company’s computer systems.”
Sharp is alleged to have downloaded an admin key which gave him “access to other credentials within Company-1’s infrastructure” from Ubiquiti’s AWS servers at 03:16 local time on 10 December 2020, using his home internet connection. Two minutes later, that same key was used to make the AWS API call GetCallerIdentity from an IP address linked to VPN provider Surfshark – to which Sharp was a subscriber, prosecutors claimed.
Later that month, according to the prosecution, he is alleged to have set AWS logs to a one-day retention policy, effectively masking his presence.
Eleven days after the AWS naughtiness, the indictment claims, he used his own connection to log into Ubiquiti’s GitHub infrastructure. “Approximately one minute later,” alleged the indictment, Sharp used Surfshark to ssh into GitHub and clone around 155 Ubiquiti repos to his home computer.
“In one fleeting instance during the exfiltration of data,” said the indictment, “the Sharp IP address was logged making an SSH connection to use GitHub Account-1 to clone a repository.”
For the rest of that night, prosecutors said, logs showed Sharp’s personal IP alternating with a Surfshark exit node while making clone calls. Although it was not spelled out in the court filing, prosecutors appeared to be suggesting that Surfshark VPN was dropping out and revealing “the attacker’s” true IP.
Ubiquiti discovered what was happening on 28 December. Prosecutors claimed Sharp then joined the company’s internal response to the breaches.
In January 2021 Ubiquiti received a ransom note sent from a Surfshark VPN IP address demanding 25 Bitcoins. If it paid an extra 25 Bitcoins on top of that, said the note, its anonymous author would reveal a backdoor in the company’s infrastructure. This appears to be what prompted Ubiquiti to write to its customers that month alerting them to a data breach. Ubiquiti did not pay the ransom, said the indictment.
Shortly after Federal Bureau of Investigation workers raided Sharp’s home, prosecutors claim he “caused false or misleading news stories to be published about the Incident and Company-1’s disclosures and response to the Incident. Sharp identified himself as an anonymous source within Company-1 who had worked on remediating the Incident. In particular, Sharp pretended that Company-1 had been hacked by an unidentified perpetrator who maliciously acquired root administrator access [to] Company-1’s AWS accounts.”
Sharp is innocent unless proven guilty. He is formally charged with breaches of the Computer Fraud and Abuse Act, transmitting interstate threats, wire fraud and making false statements to the FBI. If found guilty on all counts and handed maximum, consecutive sentences on each, he faces 37 years in prison. ®
Recruitment tech company Globalization Partners is doubling its staff headcount in Galway to 320 in 2022 to aid its continuing growth.
Recruitment technology company Globalization Partners has announced plans to create 160 new jobs at its Irish base in Galway. The jobs boost will see the company double its Galway staff headcount to 320 in 2022. Jobs will be available across the board at the company’s Galway office, which serves as its EMEA centre of excellence.
The announcement comes following a major funding injection for the international firm. Globalization Partners recently raised $200m in funding from Vista Credit Partners, an organisation focused on the enterprise software, data and technology markets. The investment now values Globalization Partners at $4.2bn.
While its Galway facility will benefit from a major jobs boost, the company plans to continue to expand its share in the global remote working market. As well as the Galway growth, the company will also be expanding its teams in other locations.
Globalization Partners provides tech to other remote-first teams all over the world. Its platform simplifies and automates entity access, payroll, time and expense management, benefits, data and reporting, performance management, employee status changes and locally compliant contract generation. Its customer base includes CoinDesk, TaylorMade and Chime. The company’s new customer acquisition increased two-and-a-half fold from 2020 to 2021.
“Globalization Partners is uniquely positioned to capitalise on the massive opportunity we see ahead of us,” said Nicole Sahin, the company’s CEO and founder.
Sahin said her company’s combination of tech with its global team of HR, legal and customer service experts “who understand the local customs, regulatory and legal requirements in each geography we serve” were key to its success.
David Flannery, president of Vista Credit Partners said that the company’s role “in transforming the remote work industry has been truly remarkable.”
Flannery said that as a customer of Globalization Partners, his organisation had “witnessed first-hand” the company’s “best-in-class legal compliance, the quality of the user experience, and the deep expertise and support they provide,”
He added that the two companies would work to “further capitalise” on the “untapped” global remote working market, expanding their platform to new customers in new markets.
“Over the past decade, we have invested hundreds of millions of dollars in our business, building our global presence and technology platform to support the evolving and complex talent needs of growing companies,” said Bob Cahill, president of Globalization Partners. “With Vista as our investment partner, we will be able to drive further growth and continue building innovative products to meet the increasing needs of our customers at scale.”
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
But bear in mind that with more than one device, or person, using your connection simultaneously, including updates and downloads when idle, slower broadband packages can quickly get choked.
Reposition your router
If your broadband connection is fast enough but your wifi is weak, there are things you can do. If possible, move the router closer to the centre of the house, or towards the rooms in which you need the strongest signal. Keep it in the open, not in a cabinet, and away from solid and metallic objects.
And try to position it away from dense walls, particularly those made out of concrete blockwork or with pipes and wires running through them.
Check your settings
Most modern routers will automatically select the best settings for your home, but you can manually check using the web interface of your router accessed through a browser on a computer. Consult the help pages for your ISP’s router for how to do so.
Wifi operating at 2.4GHz uses a range of frequency “channels”, only some of which do not overlap with each other. To reduce interference from your neighbours’ wifi, switch to channel 1, 6 or 11, which do not overlap, and therefore are less likely to cause or suffer interference.
If you have a connection under 200Mbps, enabling prioritisation or “quality of service” for your key devices, might help. This stops other things from sucking up all the available bandwidth – it will prevent a game download on an Xbox cutting off a video call on your laptop, for instance.
Set a strong wifi password using at least WPA2 security, not the lowest WEP option. This will make sure no wifi thieves can log on to your network and steal your bandwidth.
Check your devices
An internet slowdown may be down to your devices rather than your router. For older computers, upgrading the wifi adapter may help. USB wifi 5 adapters cost under £15, while the latest wifi 6 models cost about £50, but you will need a compatible router to take advantage of the extra speed.
For a non-portable device, such as a media streamer or a console, use an ethernet cable if it is close to the router, as this will be faster and more reliable than wifi.
If you have about 40 devices connected at once, consider disconnecting unnecessary ones to help provide more bandwidth for those you need most.
Weaker routers struggle with lots of devices connected at once.
Extend the wifi reach
If your wifi can’t reach parts of your house you can extend the signal of your current router with add-on gadgets.
Powerline networking devices use your home’s power cables to transmit data. They typically cost between £20 and £70. They plug into standard electrical sockets with one connected to the router via an ethernet cable, and others placed about the home providing ethernet ports and/or wifi for your devices. The speed you get through them is dependent on the condition of your electrical wiring.
Wifi extenders (£25-70) do a similar thing, but simply connect to your router via wifi, then rebroadcast it for other devices.
A network switch (under £20) can add more ethernet ports to your router if you need to connect more devices.
Upgrade to a better router
Replacing your existing router is often the most effective way to improve your wifi, but is also the most costly. Before committing to a third-party router, speak to your ISP as it may be able to provide you with a more modern one for free. Virgin and other ISPs are currently rolling out more powerful wifi 6-capable routers.
Otherwise, there are broadly two options: a beefy single router with much more powerful wifi broadcasting ability than the cheap one provided by your ISP, or a mesh system, which uses a series of satellites dotted about your home to blanket it in wifi.
Both typically use your existing router as a modem and then broadcast their own more robust wifi network.
Single unit wifi 6 routers start at about £60 but can reach the hundreds for powerful gaming-orientated devices. They connect to your old ISP box via ethernet cable, which means they are often easier to place in a more central area of your home. Running a long ethernet cable under floorboards, carpets, behind skirting boards or picture rails, or just under furniture can help keep things neat.
Good wifi 5 mesh systems start at under £100 for a triple pack of satellites, which should be enough for most homes with connections under 200Mbps. For those with faster broadband, good tri-band wifi 6 models cost about £300.
In-brief IBM has offloaded healthcare data and analytics assets from its Watson Health business, with private equity firm Francisco Partners hand over around $1bn for the privilege.
The takeover “is a clear next step as IBM becomes even more focused on our platform-based hybrid cloud and AI strategy,” Tom Rosamilia, senior vice president, IBM Software, told newswire Bloomberg. “IBM remains committed to Watson, our broader AI business, and to the clients and partners we support in healthcare IT.”
Launched in 2015, IBM Watson Health hasn’t been able to turn a profit despite the company spending $4bn in acquisitions to grow the business and its capabilities.
IBM has tried to whittle down its Watson Health division for a while, after struggling to sign hospitals as clients.
Algorithms are improving poker players’ skills but are they ruining the game?
Professional poker players are increasingly consulting specialized poker software programs to boost their chances of winning, but some believe it has made the game less fun and encourages cheating online.
PioSOLVER, available for purchase starting from $249, allows players to recreate game scenarios and calculates the optimal strategy that should be played given the cards available. Some professional poker players, described by the New York Times, use the software to replay their games to see if they played their cards correctly, others boot up PioSOLVER to learn and memorize new strategies.
Poker is seen as a mostly-solved problem in computer science. Libratus, an AI model, beat the top players in a no limit heads-up no-limit Texas competition in 2017. At the time, Tuomas Sandholm, one of Libratus’ creators, said it was unlikely people could run the complex software to cheat. But some claim that PioSOLVER is now helping mediocre poker players to rack up wins.
It’s unclear if PioSOLVER relies on similar machine learning techniques as Libratus, as little information is available about the algorithms it employs.
Doug Polk, a notable semi-retired poker player, said: “I feel like it kind of killed the soul of the game.” The game has turned from “who can be the most creative problem-solver to who can memorize the most stuff and apply it.”
PioSOLVER’s creator, Piotrek Lopusiewicz, however, said similar poker-solving programs have been available for a while and that his software is merely the latest advance in the field.
Rent a robot for less than the cost of human labour
There’s a robot that presses metal to make things like hinges or locks, and it’s cheaper to hire than human workers.
Built a company named Formic, the machine is pretty much one long mechanical arm. Its job is to pick up bits of metal and put them into a press for shaping. It can work without any breaks for its employer, Polar Hardware Manufacturing, and costs about $8 per hour – less than the minimum wage of $15 in Chicago, Wiredfirst reported.
Companies like Formic help industrial factories recruit robot workers without having to pay for the whole machine. Customers can, instead, rent the company’s metal arms to perform simple, repetitive tasks whenever they want. Its cheaper, and they don’t have to faff around with things like software or maintenance.
“Anything that can help reduce labor count or the need for labor is obviously a plus at this particular time,” said Steve Chmura, chief operating officer at Georgia Nut, a confectionery company in Illinois that also rents robots from Formic. Chmura has been able to staff up with robot workers during the pandemic; these machines can take over if human employees quit or get sick. ®