Damian Williams, america Lawyer for the Southern District of New York, introduced that NICKOLAS SHARP, a former worker of a public New York-based expertise firm (“Firm‑1”) was sentenced at this time to 6 years in jail. In December 2020, SHARP secretly stole gigabytes of Firm-1’s information. Whereas purportedly working to remediate the safety breach he created, SHARP extorted the corporate, as an nameless hacker, for almost $2 million for the return of the information and the identification of a remaining purported vulnerability. SHARP subsequently re-victimized his employer by inflicting the publication of deceptive information articles as a purported nameless whistleblower in regards to the firm’s dealing with of the breach that he perpetrated, which had been adopted by the lack of over $4 billion in Firm-1’s market capitalization. SHARP beforehand pled responsible to deliberately damaging a protected laptop, wire fraud, and making false statements to the Federal Bureau of Investigation (“FBI”) earlier than U.S. District Decide Katherine Polk Failla, who imposed at this time’s sentence.
U.S. Lawyer Damian Williams mentioned: “Nickolas Sharp was paid near 1 / 4 million {dollars} a yr to assist hold his employer secure. He abused that belief by stealing an enormous quantity of delicate information, trying to implicate harmless staff in his assault, extorting his employer for ransom, obstructing legislation enforcement, and spreading false information tales that harmed the corporate and anybody who invested into the corporate. Sharp now faces critical penalties for his callous crimes.”
In accordance with the Indictment, court docket filings, and statements made in court docket:
Always related to the Indictment, Firm-1 was a expertise firm headquartered in New York that manufactured and bought wi-fi communications merchandise and whose shares had been traded on the New York Inventory Alternate. SHARP was employed by Firm-1 from in or about August 2018 by on or about April 1, 2021. SHARP was a senior developer who had entry to credentials for Firm-1’s Amazon Internet Companies (“AWS”) and GitHub Inc. (“GitHub”) servers.
In about December 2020, whereas interviewing for a place at one other firm, SHARP repeatedly misused his administrative entry to obtain gigabytes of confidential information from his employer. In the course of the course of this cybersecurity incident (the “Incident”), SHARP triggered harm to Firm-1’s laptop programs by altering log retention insurance policies and different information with a view to conceal his unauthorized exercise on the community. SHARP modified session file names to aim to make it seem as if different coworkers had been accountable for his malicious classes.
In or about January 2021, whereas engaged on a workforce remediating the consequences of the Incident, SHARP despatched a ransom word to Firm-1, posing as an nameless attacker who claimed to have obtained unauthorized entry to Firm-1’s laptop networks. The ransom word sought 50 Bitcoin — which was the equal of roughly $1.9 million, primarily based on the prevailing trade price on the time — in trade for the return of the stolen information and the identification of a purported “backdoor,” or vulnerability, to Firm-1’s laptop programs. After Firm-1 refused the demand, SHARP printed a portion of the stolen information on a publicly accessible on-line platform.
On or about March 24, 2021, FBI brokers executed a search warrant at SHARP’s residence in Portland, Oregon, and seized sure digital units belonging to SHARP, together with a laptop computer SHARP had used to steal Firm-1’s information. In the course of the execution of that search, SHARP made quite a few false statements to FBI brokers.
A number of days after the FBI executed the search warrant at SHARP’s residence, SHARP triggered false information tales to be printed in regards to the Incident and Firm-1’s response to the Incident. In these tales, SHARP recognized himself as an nameless whistleblower inside Firm-1 who had labored on remediating the Incident and falsely claimed that Firm-1 had been hacked by an unidentified perpetrator who maliciously acquired root administrator entry to Firm-1’s AWS accounts. The truth is, as SHARP effectively knew, SHARP himself had taken Firm-1’s information utilizing credentials to which he had entry, and SHARP had used that information in a failed try and extort Firm-1 for thousands and thousands of {dollars}.
Following the publication of those articles, between roughly March 30, 2021, and March 31, 2021, Firm-1’s inventory value fell roughly 20%, shedding over $4 billion in market capitalization. SHARP additionally tried to trigger home and overseas regulators to research Firm-1 primarily based on his false allegations in regards to the safety breach he secretly triggered.
* * *
SHARP, 37, of Portland, Oregon, pled responsible on February 2, 2023, to at least one rely of transmitting a program to a protected laptop that deliberately triggered harm, one rely of wire fraud, and one rely of constructing false statements to the FBI. Along with the jail sentence, SHARP was sentenced to a few years of supervised launch and ordered to pay restitution of $1,590,487 and to forfeit private property used or meant for use in reference to these offenses.
Mr. Williams praised the excellent investigative work of the FBI.
This case is being dealt with by the Workplace’s Complicated Frauds and Cybercrime Unit. Assistant U.S. Attorneys Vladislav Vainberg and Andrew Ok. Chan are accountable for the prosecution.
