Ubiquiti sues Krebs on Security for defamation

2022-03-30 19:46

Network equipment maker Ubiquiti on Tuesday filed a lawsuit against infosec journalist Brian Krebs, alleging he defamed the company by falsely accusing the firm of covering up a cyber-attack.

On March 30, 2021, Krebs reported that Ubiquiti had disclosed a January breach involving a third-party cloud provider, later revealed to be AWS, and that an unnamed source within the firm had claimed the company was downplaying a catastrophic compromise.

On December 1, 2021, the US Department of Justice charged former Ubiquiti software engineer Nickolas Sharp, accusing him of attempting to steal data from the company and to exhort $2m from the firm in Bitcoin ransom as part of an effort to reduce the price of Ubiquiti shares.

Ubiquiti, in its complaint [PDF], alleges that Krebs, after seeing the DoJ announcement, knew that the unidentified source he cited in his March articles - Sharp - had been indicted for involvement in the attack on Ubiquiti.

The biz contends he published on his Krebs-on-Security website a story on December 2, 2021 that repeated prior claims while misleadingly referring to his source as "a Ubiquiti employee" and to Sharp as "a Ubiquiti developer" if they were separate individuals and without acknowledging that the two references were to the same person.

"Despite these damming [sic] facts, Krebs published a story on his blog the next day doubling down on his false accusations against Ubiquiti and intentionally misleading his readers into believing that his earlier reporting was not sourced by Sharp, the hacker behind the attack," the complaint says.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/30/ubiquiti_brian_krebs/

#security #SUE