Pakutanga kwegore nhau dzekusvika zvisiri pamutemo kunetiweki yetiweki michina yekugadzira Ubiquiti yakaburitswa, kubvira panguva iyo vatengi vakaziviswa nezve kupinda kusingatenderwe kune mamwe masisitimu ezvivakwa zvavo akaiswa panetiweki yemupi wegore wekunze.
Kusvika panguva iyoyo, humbowo hwakananga hwekudonha hwaive hwakajeka. nekuwana mauto akakanganisika uye zvakanzi dhatabhesi rine maakaundi raigona kunge rakawaniswa sevhisi inobvumira kure kure kutonga kweUniFi michina.
Iyo dhatabhesi yaive neruzivo senge password hashes, mazita, kero, uye nhamba dzenhare yevashandisi veUbiquiti. Mumusangano wekambani zvaive zvakajeka uye panguva iyoyo kudzoka kwekukwanisa kugadzira maakaunti emunharaunda pamidziyo yavo isina kubatanidzwa neUbiquiti cloud service yaidiwa.
Mune yazvino firmware yeUbiquiti midziyo, lMikana yekutonga kwemidziyo yakasiyana yaive shoma uye kutendeseka kune kambani yegore sevhisi yaidiwa kuti uwane zvishandiso zvitsva neUniFi OS (mune firmware nyowani, kushanda kuburikidza negore kunogona kuvharwa, izvi zvinogona kuitwa chete mushure mekutanga kuseta kweUnifi OS, inoda kubatana neakaunti mune gore sevhisi. ) Kuti udzore zvishandiso, nharembozha inopihwa iyo inodyidzana nemudziyo kuburikidza neUbiquiti gore sevhisi uye haitsigire yakananga kubatana neIP kero.
Mushure mechiitiko ichi, hapana chimwe chakaburitswa nezvazvo, kusvika nguva pfupi yadarika muna Zvita 1, FBI nevachuchisi kubva kuNew York City akazivisa kusungwa kweaimbova mushandi weUbiquiti, Nickolas Sharp. Zvanga zviri achipomerwa mhosva yekupinda zvisiri pamutemo kumakomputa masisitimu, humbavha, hutsotsi hwewaya uye kunyepa kuFBI.
Zvinoenderana neiyo Linkedin mbiri (yakatodzimwa), Sharpe aive mutungamiri wechikwata chegore kuUbiquity kusvika Kubvumbi 2021, uye izvi zvisati zvaitika aive nezvigaro zvepamusoro zveinjiniya kumakambani akaita seAmazon neNike. Sekutaura kwehofisi yemuchuchisi, Sharpe anofungidzirwa kushandisa zvisiri pamutemo chinzvimbo chake chepamutemo uye, nekudaro, kuwana kwekutonga kumakombuta eUbiquiti, akaumbwa akatenderedza 150 repositori kubva kune yake yekambani GitHub account kukombiyuta yake yepamba muna Zvita 2020. Kuti avanze kero yake yeIP, Sharpe akashandisa Surfshark's VPN sevhisi. Nekudaro, mushure mekusaona kubviswa kwekubatanidza paISP yake, Sharpe's home IP address "yakavhenekerwa" mumatanda ekupinda.
Muna Ndira 2021, yatova nhengo yeboka iri kuongorora "chiitiko" ichi, Sharp akatumira tsamba isingazivikanwe kuUbiquiti achida kubhadhara makumi mashanu bitcoins (~ $ 2 mamiriyoni) mukutsinhana nekunyarara uye kuburitsa pachena nezvekusagadzikana kunofungidzirwa kuburikidza nekuwanikwa kwakawanikwa. Ubiquiti paakaramba kubhadhara, Sharpe akaburitsa imwe data yakabiwa kuburikidza neKeybase. Mazuva mashoma mushure meizvozvo, akagadzira dhisiki relaptop, kuburikidza naro akagadzira iyo data uye akanyorerana nekambani.
Muna Kurume 2021, vamiririri veFBI vakarwisa Sharpe ndokutora akati wandei "midziyo yemagetsi." Munguva yekutsvaga, Sharpe akaramba kushandisa Surfshark's VPN, uye paakapihwa magwaro anoratidza kuti akange atenga kunyoreswa kwemwedzi makumi maviri nemanomwe muna Chikunguru 27, akati mumwe munhu akabira account yake yePayPal.
Mazuva mashoma mushure mekurwisa kweFBI, Sharpe akabata Brian Krebs, mutori wenhau anozivikanwa wekuchengetedza ruzivo, uye akamupa "mukati" pane chiitiko cheUbiquiti iyo yakaburitswa munaKurume 30, 2021 (uye inogona kunge iri chimwe chezvikonzero zvekudonha kwe20% muzvikamu zveUbiquiti). Mamwe mashoko anogona kuwanikwa murugwaro rwekupomerwa mhosva.
Finalmente Kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kutarisa ruzivo Mune inotevera chinongedzo.