Feb 3, 2023

Twitter is ending free API access.

-

PuTTY on my Win98 VM crashes OpenSSH and I'm somewhat hesitant to report it because I feel like they're going to keep the bug in out of spite because "why are you using ancient OS lmao"

From the release notes for OpenSSH 9.2

* [sshd(8)](https://man.openbsd.org/sshd.8): fix a pre-authentication double-free memory fault introduced in OpenSSH 9.1. This is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms.

-

Let's do a quick #OopSec postmortem on this dickwizard Nikolas Sharp, who tried to ransom his employer Ubiquiti for 50 BTC (~$1.5MM at the time) after pilfering internal files.

* Operated from his home address and home internet connection. Thus, when his VPN failed, his system touched Ubiquiti servers using his home IP, which obviously implicated him.

Lesson: Never operate from your home, and if you must, don't use your own internet connection.

Lesson: Configure your VPN connection to fail safe.

* Used a commercial VPN paid with his own PayPal account with his name on it. (Even if his VPN hadn't failed, they probably could have gotten him on this anyway.)

Lesson: Use an onion router like Tor or pay for a VPN with cash or crypto.

* Lied to the FBI. This is almost certainly netting him extra prison time.

Lesson: Don't talk to cops. Shut the fuck up!

And finally, this last one really defies reason:

* After the FBI *raided his house*, he went out and leaked a bunch of information to the press, whose reporting resulted in the Ubiquiti stock price taking a dive. As if LEO and the company weren't already incentivized to crucify this straw-brained sackcloth and flannel mockery of a human being, he went out and gave them even more reason and urgency to throw him in a cage.

Lesson: Once again, shut the fuck up!

Don't do crimes, kids, but if you are compelled by fortune or circumstance, maybe come up with a plan that doesn't unravel the moment everything doesn't go perfectly for you.

The BleepingComputer writeup on the story, and the link to a PDF of the indictment docs here:

-

A Novel PayPal Scam

-

Chinese spy balloon flying over U.S. ‘right now,’ Pentagon says

-

Weird things I learned while writing an x86 emulator

-
