Ubiquiti Sues Krebs
Ubiquiti has sued cybersecurity researcher Brian Krebs of Krebs on Security over Krebs' reporting connected to Ubiquiti's 'catastrophic' data breach in early 2021.
In this report, IPVM examines Ubiquiti's complaint and the legal issues involved.
Defamation ********* *****
************* * **-**** ***** **************** ***** *** ***** ** ******** on ***** **, **** ** *** Eastern ******** ** ********:
*** ********* ******* ***** ******* ******** by ********** *********** ******** ** ***** by * ******** ******** ******** ** be * *************. *** ********/************* ********* sabotaged ******** *** ********* *** ****** from *** ******, ********* ** *** FBI.
Both ****-*****, *** ****** ** **** ****
**** ** * *********** *******, ***** by ********, *** ** *** ******* networking *********, ******* ***** *****, * widely-read ************* ******. **** ******** *** Krebs *** *** ******** **** **** down ****** **** *************, **** ******** ** * ****** **** ****** in ********* ******* ******** ******* **** ******-******'* *********** ** ******** *** ******* *** "********** **********."
DOJ: ******** ******** ****** ******, ******* ********
*** ****** ******** ********, ******** *****, was******** ** *** ********** ** ********* ******** *, ****. *** ***,** *** ***** *******, ******* **** ***** ***** ** an ********* ******** *** ***** ** extort ******** *** ~$* ******* *** while ******* ** *** **** ** remediate *** ******** ******. *******, "***** subsequently **-********** *** ******** ** ******* the *********** ** ********** **** ******** about *** *******’* ******** ** *** breach **** ** ***********."
March **** ***** *******
***** ********* ** ******* ** *** website, ***** ** ********, ** ***** 30, ****, ****** "*************: ******** ****** '************.'" *** ******* ** ***** ** a ****** ****** **** ***** ******** to ** "****." ********* ** *** article, **** *** "* ******** ************ at ******** *** ****** *** ******* respond ** *** ***-***** ******."
*******, ***** ********* *********** **** **** that ******* ******** ** *********** *** incident:
*** * ****** *** ************ ** the ******** ** **** ****** ******* Ubiquiti ********* ********** * “************” ******** to ******** *** *** ** *** stock *****, *** **** *** *****-***** cloud ******** ***** *** * ***********.
***** ****** **** * ****** **** the ****** ********* ***** ** *** European **** ********** ********** **** ****** Ubiquiti ******** ******** ******* ** **** customers **** ********:
** *** **************** ***** **** ********, and ***** ******** *** ********* ******* to ********** ******* *********.
*******, ***** *** *** **** ** a **** ** **** ****** *** he *** *** ******* ** ** full.
******** ***** **** **%
******* ***** **, **** *** ***** 31, ****, ***** *** *****' ****** went ****, ******** ***** **** ~**%, losing **** $* ******* ** ****** capitalization,********* ** *** *** ***** *******.
December **** ***** *******
***** **** ********* ** ******* ** December *, ****, ******"******** ********* ******* **** *********, ******* 2020 '******',"*** *** ***** *** *** ******** its ********** ** *** ****** ******** employee/source, ******** *****.
*****' ******* ********** *** *** ***** release. *******, ***** **** *** ******** in **** *******, ** ** *** other ******, **** *** *** ******* Sharp ** *** **** ********** *** was *** ************* *** ********* ***** in ***** ****.
****** ***** ************** ***** ** *** "********* *************" in *** "***** **** *******" ******* about ********'* ******:
***** ****** ***** **** ******* ** be ********* ***** *** ******** *** Company-1’s ******** ** *** ******** *** related ***********. ** ***** *******, ***** identified ******* ** ** ********* ************* within *******-* *** *** ****** ** remediating *** ********. ** **********, ***** falsely ******* **** *******-* *** **** hacked ** ** ************ *********** *** maliciously ******** **** ************* ****** ** Company-1’s *** ********.
December **** ****** ** ***** *******
***** *** *** ********** *** ********, Krebs ****** **** ***** ****** ** his ***** **** ******:
Did ***** **** *** ****** *** *** ******?
******** ******* **** ***** "***** **** actual ******" *** ************* *** **** readers **** *****' ************* ****** *** the ******** ******** ********, *****, **** the **** ******:
[*****] ************* *********[**] *** ***** ** intentionally ************ *** *********** ***** ***** and ************* *********** *****’* **** ** his ********* ** ******* ******** *** perception **** ***** *** “****” **** not *** **** ******.
***** ***** ******** ** *** ***** 2021 ** ******** **** ******** ** the ************* ****** *** *** ******** Ubiquiti ******** *** *** **** ******. Indeed, *****' ******** **** ******* ******:
** ******* ****, ********** ************** ***.[****:**] ********* **** * ****** ** a ***** ***** ***** ******** *** exposed ******** ******* ***********. ** *****,a ******** ******** ********** *** ******* *** *********** *********** the ***** ** *** ********, *** that *** *****-***** ***** ******** ***** was * ***********. ** *********,a ****** ******** ********* was arrested and charged with stealing data and trying to extort his employer while pretending to be a whistleblower. [emphasis added]
**** **** *** ******* ******* ** not *** "******** ********" *** "****** Ubiquiti *********" *** *** **** ******.
******** ************ ***** ***** **** **** portion ** *** ***** ******** **** article ** *** *********, ******** ***** hid **** ******* **** **** *** the **** ******:
** ******, *** “******** ********” *** the “****** ******** *********” **** ***** referenced *** *** **** ******: *****. This *** ********—***** ********* ** ***** as ** “********” *** **** ** a “*********”—*** * *********** ******* ** Krebs ** **** **** *** ******* the **** **** ***** **** ** legitimate ******* *** *** *******.
***** *** *** ****** ******* ** already **** **** *** ************* ****** was *** ******* ******** ******** ** March **** **** *** ************* ********** him.
Ubiquiti ****** "*****" **********
******** ********** ****** ** *** ********* that ***** ***** ***** ********** ***** Ubiquiti ** *** ***** **** *****:
***** ******* ******* ******** ** ********** fraud, ********* ******* ***, *** ********* SEC ***********, *** ** ************ *** claim **** “****** ** *********’ ******* deployed ** ************ *** ***** ****** the ***** *** ** ****” *** that ******** *** ********** ** ******* the ***** *** *** “********* ******* to ********** ******* *********.”
*******, **** **** ***** ********** ******** Ubiquiti's ******** ** *** ******. ** Krebs' *******, ** ****** *** ************* on ********* ******* (*.*. "*** ********* had ****** ************** ****** ** ********'* servers" *** "******** *** ********* *******") and ******** *** *** **** *** truths ** ***** ********** ** *** complaint.
Fact *. ******* *** ** ********** ********
***** ********* * ****** ** ********** about ********'* ****** **** ** ***** from *** "*************," ****, *********:
- “** [*** ******] *** **************** ***** than ********, *** ***** ******** *** overruled ******* ** ********** ******* *********.”
- *** ****** *** “********** *** ************ written ** ***** **** * *** party ***** ****** *** ** **** and **** ******** *** ****** * casualty ** ****, ******* ** *** target ** *** ******.”
- "*** ********* *** ****** ************** ****** to ********’* ******* ** ******’* ***** service."
- “******** *** ********* ******* (** ****** logging ** *********) ** ** *** unable ** ***** ** ******** **** they ********, *** *** ******** ******** the *********** ** *** *********, *** created ***** ********* **** ********** ************ to **** *********."
*******, **** ** ***** ********** ***** be ******** (*.*. [*** ******] "*** catastrophically ***** **** ********") ***** ****** can ** ***** ** ** * true ** ***** **** (*.*. ******* or *** ***** ******** ******* ** protect *********).
"******** ***** ********** ** **** ** opinion ** ****** ****** **** ***** sources ********* ***’* ******* ***,"*** ******* ***** *** ******* (****) at ******* ********** ******,**********:
* ****** *** **** ****** *** have ******** ***** ** **** **** conclusion **, *** ** ***** ** a ********** ********* ** *** ******* facts **** *** ** ** *****.
*******, ** ** *** *********** *************** to ********* ******* * ********* ** a **** ** * ********* *******, with *** **** *******," ** *******, courts **** **** ** *** ******* and ****** ** ***** *** ******* defamation ********."
Krebs *******: ***** *** *******
*****' *******, ** *** **** **** the *** ******** *** ************* *** the ******** ******** ****** ** ******** 2021, *** **** *** "***** ** the ***** *** *******," ** ***** from *** ***** *****.
Contradictory **********?
*******, **** ***** ************ ** ******** ********* ***** ** *** ***** **** everything ** ***** ** ***** **** was ****. ** *** ******** **** piece, ** ********** ******** **** *** DOJ **********:
******* **** ***** *** *** ******** its ****** *******, ***** “****** ***** or ********** **** ******* ** ** published ***** *** ********,” *********** ***.Among *** ****** **** ** ***** **** ******* *** **** ******** *** ********* ** **** ****** **** **** ***** ***** *** ******* ** ********** *** **** ***** ** *** *********. ** *******, *** ********** *******, ***** *** ********* ** *** *** *** ****** ** **** ********’* ******* **** ******* **** ** **** ******** ** ***. [emphasis added]
** *** ***** ****, ***** ******* had ******* ** ***** **** **** Ubiquiti ********* ** **** **** ** all, ******* *** ************* ******:
“******** *** ********* ******* (no ****** ******* ** *********) so it was unable to prove or disprove what they accessed, but the attacker targeted the credentials to the databases, and created Linux instances with networking connectivity to said databases,” Adam wrote in his letter. [emphasis added]
******** ****** *** *** **** **** at *** ** **** **** **** of ****, ****** *** * ***** period ** **** *** ** *****'* sabotage. *******, **** ** * **** that ***** *********, *** *** ***** will **** ** ****** ******* ** was **** ** ***.
Krebs: ** *******
***** ******** ** ******* ** **** on **** *******:
******, ***, *** ** *** ******* of ******* * **** *** **** any *******.
Risks *** ***** *** ********
***** **** ********'* *** *****' ********* of *** ******* **** **** *************, both ***** **** ***** ** **** lawsuit.
** *** *** ****, ***** ** relatively ***** ** ***** ** * financial **** ** *** ********** ** to **** **. *******, ***** ** also ********** ********* *** ** * well-known ************* **********, ** ** *** get ***-**** ******* *** ** ******* to ******* *** *** **** **** case ** ********* ** *** ******* public.
** *** ***** ****, ******** *** lots ** **** ** ***** *** possibly **** ** **** *******, *** it ** **** * ******** ****** of ******** ********* *** *****-*******. *********, a ******* ***** ****** *********** ************ issues *** *** *******. *******, ***** has * ***** ****** ********* ** Ubiquiti ********** **** ******* ***** **** bad ***** ** **** ********* ******* on ********.
** *** ******** ****, ******** ***** use **** ******* ** **** ** its ******** ** *** *********** ******** about *** ***** **** ******. ******** management ***** ***** **** ** *** not ********* *** **** **** **** the ****** ** * ********** ****** by * *******.
Long **** ** *******, ******** ****-***** ***********
** ****** **** ***** ** ***** this ******* **********, ***** ***** ******** histories **** ***** ********, *******, ******** allegations, ***. ** ** ****** *** lawsuits ** **** ** *** ******** years ** ******* **** ****** ** settle.
*** **** ** ***** ** ********, which ******* ****-***** *********** ** **** to ******* **** ******. ****** *** "strategic ******** ******* ****** *************" *** anti-SLAPP **** *** ********* ** * state-to-state *****, **** ********** ****** **** of *** ****** *********** *** **** speech ** *** **. *********, ****-***** laws ******** ***** ********** **** ** a "******* ****** ** *******" ** that ********** *** ******* * ******* at ** ***** ***** ****** ******** in **** ********* *********.
********'* ****-***** ******* ** ***** *****, so *** ****** **** *** ************ how ******* ********** **** ** ********,*** ********* ********* *** ******* ** the ***** ******. *******, ***** ***** ** ********* by ***** ******** ** ******** *********** alleviated ** **** ******* ** ***** out.
Editor's ****:
** ****** **, ****, ***** ********* ********* ******* ** *** ****, titled "***** ******** ** ********",*********** *** ****** **** *** ******** were *******:
**** ****, * ****** * ****** of ******** ***** * ********* “******” at ********. ** **** ****** *** that ********* *** *** ****** *** has ***** **** ******** ** ******* prosecutors *** *** ******* ********** – which ******** ********* ***** *********** ** the *****.
** * ****** ** *** *** information **** *** **** ******** ** me, * ** ****** **** ***** in *** ******** ** ** ****** or *** *********** ** ******** ** me. * ****** ******** ** ****** that ** ******** *** ******** ******* and *******.
**** ****, * ****** *** **** and, ** * ******, * ***** like ** ****** ** ********* ********* to ********, *** * **** ******* to ****** ***** ******** **** ** website.
* ****** **** ***** ***** ***********. It ***** ** ** * **** line ** ********* **** ******* **** said ** * ******* ********* ** as **** ****** **. ** ** Krebs ********* **** *** *** **** or **** * ************** **** *** they ****** ****'* ***** *** **** came **** **** * ***** *** they *** ********, ********** ***** ********** the *****. ** ***** ********* ** it *** **** ******* ****** ***** the **** **** ****, * ***** say **** *** ******. ** *** as *** ******* ** ****, * would *** ***** ** ****** *** it ** **** ** ***** ******/******* and *** ******** **** **** **.
** ************** * ***** ** *** *********** ********* ****** * ******* ****** of "$*** *******":
*******, ******* ** **** ****** ****** ********* ** *** *******. *******, *** ******* ***** ******* figures ******** ** ***** $**** ** page **:
*** ****'* **** ***** **** ***** - $*** ******* ** *** ***** vs $*** ******** ** *** *********. Another *********** *** ******** **** ******.
* ********* *** ******** ** ** media ***** *** ** ********* *** title.
*****, **** * ****** "*******" ** unforgivable ** **. ** *** ******* yourself ** ** * ********** ***'** supposed ** ****** *** ****, *** create **. **** **** ******** *** proofreading ****** ** ********** ***% ****** you *** *******.
****** **** **** ******** *** ** mistake. **** *********.
*****, **** * ****** "*******" ** unforgivable ** **.
'************' ***** * *** *****.
**** ***** ******* **** *** "*************" came *** ** * **** * did ***** ** ****** ***** ** Ubiquiti ********, *** ********* ********** *** use ** *** ******. **** *** look ** ****** ** *** **** they **** * ******* ***** ***'* great, *** **** ******** ** ** as ******* *** ************.
* ****** ** *** ****** ** their ***** *** **** *********** **** would **** **** ********* ******* ** how **** ** **** ** *** huge ********** ********* *** ***** ******** which *** * **** ******** ******** to ****.
***** ** **** *** ** *** an ****** *** *** *** *** same ***, ** ****'* *** ***** with ** **** ***** *** *** make ** *****. * *** ** is ******** ** ******* *** *******, so ***** ** ***'* **** *** and *** **** *** ** ***, but ** ***** **** ***** ******* that ***** *** *********** *** "*************" was *****.
******** ***** ***** ** *** ****, but **** **** ****** ******* *** an ****** **** *****'* ******* *****. They **** **** ** ***** **** this *** **** **.
**** **** ** ******* *** ***** do ** *** **** *************'* ****** before ********** ****?
***** *** * ***** **** ** where ** ** *******.
***** *** ** ********** *** ****** these ******** ***** ***** **** ** Ubiquity ***** - *** *** ** published **** ******.
********* *****, ***, ** **** ******* to ******* ** ******* *** *********** once *** '*************' *** ********.
***...**** ** ********* ***** *** ******. Based ** *** ****** ** ****, he *** ** **** **** **** sensationalized. ** ****** ** *** ***** for ******. **** ** **** **** to ******** ***** ****** ***** ******, he ***** * ************* ******** **** I'm ******** ** *** ** **** would ****** ******** (********* ** ** was ********* ***** ***** ********* ****** at *** ****)...
*** ****'* ************* *** *** *** media *****, *** *** **** ******** isn't ******. ******* ***** *** *******, baddest ******** **** ** **** *** clicks / ******* / ******* *** subsequently *******, *** **** ** ** with ****** ********.
* ******* ***** ** ** ***** ground ****.
**** **** ***** ******** **** **** would ***** *** ********* **** *** flung.
**** **** ***** ******** **** **** would ***** *** ********* **** *** flung.
**** *** **:
"Between ***** **, **** *** ***** **, ****, ***** *** *****' ****** **** ****, ******** ***** **** ~**%, ****** **** $* ******* ** ****** **************"
*****relied ** *** ******* ****** - who turned out to be the actual perpetrator of the 'hack' himself - and Ubiquity suffered financially based on Krebs never attempting to substantiate the claims before publishing them. that's solid ground?
***, ***** ***** ***** **** ** as * ********* ********. ******** ***** that ** ******* ******* ************* *** *** ******* ** *************** hit ***** *****.
****** **** (***) ******* ****** ****** whose ******** *** ******, *** ******* his ******** '*** ** ******.'
************* ******* ***** ***** *** **** to ** **** (*** ***) ***'* just **** *** ** ***, ** from '*********' ***********.
*** ****** *** ****** *****-** ******** who ******* ****.
******,* *** ***** ****** **** ***** side**** **** *** ********** * ********** and **** ***** *** ** ********* until **** ***** ** ******* ** Ubiquiti's *********:
********* *** ********* ***** ** ******** (as **** ** ******** ********* ***** Krebs) *** ********* ******* ** *********** to *********** ******* *** *******. ***** the ************* *** ** ***** *********** litigation ********, ** ********* ***** **** 6, **** ** ********** *** ********* to *** *******, *** **** *** prejudice *** *****.
***** ** ******** ** ***** *********** by ************* ************* ***** *****, ***** *********** ** ***** ********* Cases *** ********-***** **** ***************** *. ******.
******: ***** ******** ** ********* ** respond *** ** ** *** *** by **** **, ****.
******* ********* ***** ********* ****** *** court *** **** **** **** ** the **** ********* ****** ************* *************:
*'** **** ***** ** **** ***** situation ***** **** **** ****. * think * **** ****** **** **** John ******** * **** ***** ** was ******.
****** ******** *** ******* *** ****** to ****** *** ******** (****************.***)
**** *** **** *** ** *** most *********** ****** ** *** **** decade. ** **** ******* ***********.