Ubiquity breached, downplayed the issue
-
@scottalanmiller said in Ubiquity breached, downplayed the issue:
If you read the claims by "Adam" and then read the statement made by Ubiquiti, you can see from that alone that he was lying. The entire premise of his claim is that UBNT downplayed something and tried to blame Amazon. But there is nothing of the sort in the statement that UBNT made. Nothing. This "Adam" character fabricated it completely just to get attention. And Krebs didn't do any verification, even bothering to read his own story. He just published something he already knew to be false to get a headline.
How do you know it's Adam who's lying? What makes you so sure UBNT are telling the whole truth? In the end, the company has more to lose here, not the whistleblower.
“It was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers,”
Ubiquiti has not responded to repeated requests for comment.
“Legal overrode the repeated requests to force rotation of all customer credentials, and to revert any device access permission changes within the relevant period.”
Does that sound like a trustworthy company? Or one trying to cover their asses to protect stock prices?
-
@marcinozga said in Ubiquity breached, downplayed the issue:
How do you know it's Adam who's lying?
Either it is Adam or the person falsifying the quotes. But they quotes conflicting statements.
-
@marcinozga said in Ubiquity breached, downplayed the issue:
Does that sound like a trustworthy company? Or one trying to cover their asses to protect stock prices?
Can't go by the quote of someone we already caught lying a few sentences before. Bottom line is either Adam and/or Krebs (my money is on Adam) is just looking for some attention here. And it worked. Make a claim, don't substantiate it, don't even make it plausible, and no one checks. You can read the quote right on Krebs from Ubiquiti that clearly doesn't say what Adam claimed it said. So.... what's the bases for the whole complaint?
-
@scottalanmiller said in Ubiquity breached, downplayed the issue:
@marcinozga said in Ubiquity breached, downplayed the issue:
Does that sound like a trustworthy company? Or one trying to cover their asses to protect stock prices?
Can't go by the quote of someone we already caught lying a few sentences before. Bottom line is either Adam and/or Krebs (my money is on Adam) is just looking for some attention here. And it worked. Make a claim, don't substantiate it, don't even make it plausible, and no one checks. You can read the quote right on Krebs from Ubiquiti that clearly doesn't say what Adam claimed it said. So.... what's the bases for the whole complaint?
So whatever company says is absolute truth, right? Give me a break. Whistleblower has a name for a reason. And Krebs wouldn't publish the story unless he vetted the source thoroughly. But why do I even bother replying, since you already know UBNT tells the truth and any conflicting statement is automatically a lie.
-
-
And don't forget, this is a company that wired millions to scammers, and only learned about it from FBI. And they failed to disclose all the details then too. So there's a pattern of covering their screwups.
One fact that Pera and Ubiquiti did not disclose at the time was that Pera only learned about the transfers of vast sums of money, 10% of Ubiquiti’s cash position, after being notified by the Federal Bureau of Investigation.
-
@marcinozga said in Ubiquity breached, downplayed the issue:
@scottalanmiller said in Ubiquity breached, downplayed the issue:
If you read the claims by "Adam" and then read the statement made by Ubiquiti, you can see from that alone that he was lying. The entire premise of his claim is that UBNT downplayed something and tried to blame Amazon. But there is nothing of the sort in the statement that UBNT made. Nothing. This "Adam" character fabricated it completely just to get attention. And Krebs didn't do any verification, even bothering to read his own story. He just published something he already knew to be false to get a headline.
How do you know it's Adam who's lying? What makes you so sure UBNT are telling the whole truth? In the end, the company has more to lose here, not the whistleblower.
Does that sound like a trustworthy company? Or one trying to cover their asses to protect stock prices?
I don't have much to say about the validity of "Adam" / Krebs but the stock is down roughly 25% in the last 3 days alone. The largest down day being today.
Don't know if it is related to this but that much of a loss in 3 days are the big boys dumping (plus the algos too)
-
Have mercy!
-
More fun and excitement on this: https://krebsonsecurity.com/2021/04/ubiquiti-all-but-confirms-breach-response-iniquity/
Hilariously the article spends half the time recapping, and drops a link to the wrong thread (inactive for 1 year)
While I like Brian’s articles this one confuses me greatly. It’s a lot different and feels rushed.
-
@nadnerb yeah google has started putting a krebs into my feed because I've clicked once on the op link.
While I agree that an issue like this should be investigated, I'm sure more than just Krebs would be reporting about it.
-
@dustinb3403 said in Ubiquity breached, downplayed the issue:
@nadnerb yeah google has started putting a krebs into my feed because I've clicked once on the op link.
While I agree that an issue like this should be investigated, I'm sure more than just Krebs would be reporting about it.
This is the hard thing to know - Edward Snowden could have just been swept under the rug... on one hand, you kinda wonder why it wasn't? Perhaps the scope is the difference?
No other media outlet had access - all they could do was report on what the Guardian was reporting. -
@pmoncho said in Ubiquity breached, downplayed the issue:
@marcinozga said in Ubiquity breached, downplayed the issue:
@scottalanmiller said in Ubiquity breached, downplayed the issue:
If you read the claims by "Adam" and then read the statement made by Ubiquiti, you can see from that alone that he was lying. The entire premise of his claim is that UBNT downplayed something and tried to blame Amazon. But there is nothing of the sort in the statement that UBNT made. Nothing. This "Adam" character fabricated it completely just to get attention. And Krebs didn't do any verification, even bothering to read his own story. He just published something he already knew to be false to get a headline.
How do you know it's Adam who's lying? What makes you so sure UBNT are telling the whole truth? In the end, the company has more to lose here, not the whistleblower.
Does that sound like a trustworthy company? Or one trying to cover their asses to protect stock prices?
I don't have much to say about the validity of "Adam" / Krebs but the stock is down roughly 25% in the last 3 days alone. The largest down day being today.
Don't know if it is related to this but that much of a loss in 3 days are the big boys dumping (plus the algos too)
Sure, but the market is a reflection of the news and nothing more. So that doesn't tell us anything about what happened.
-
@dustinb3403 said in Ubiquity breached, downplayed the issue:
While I agree that an issue like this should be investigated, I'm sure more than just Krebs would be reporting about it.
Right? I've seen no news that wasn't just someone repeating Krebs. Nothing of substance, just lots of "this Adam guy said" with the same quotes being spun into several headlines. It doesn't feel like legit news, where's the coverage, where's the follow up, where's actual info?
-
@scottalanmiller Only the shadow knows...
Othherwise... not.
-
@scottalanmiller said in Ubiquity breached, downplayed the issue:
@dustinb3403 said in Ubiquity breached, downplayed the issue:
While I agree that an issue like this should be investigated, I'm sure more than just Krebs would be reporting about it.
Right? I've seen no news that wasn't just someone repeating Krebs. Nothing of substance, just lots of "this Adam guy said" with the same quotes being spun into several headlines. It doesn't feel like legit news, where's the coverage, where's the follow up, where's actual info?
Yeah - no, not right. Really - what's the difference here between the Ubiquiti whistle blower and snowden? it's one guy, on the inside who's blowing the whistle... what makes snowden so much more credible?
each party reached out to a single source to disperse their whistle blowing.I feel like Scott has complete distrust in Krebs - though I'm not sure why? Is it because he has a fairly popular site?
does that mean the Scott will be completely untrustable if his youtube channel starts gaining ground?
Brian Krebs is a reporter, just like Glenn Greenwald... So I understand we need some skepticism... -
@dashrender said in Ubiquity breached, downplayed the issue:
it's one guy, on the inside who's blowing the whistle... what makes snowden so much more credible?
Um, no. Snowden blew the whistle on things people didn't know about. "Adam" is an anonymous source claiming that what was said publicly was something other than what was said. They are nothing alike. One is blowing the whistle. The other is a false claim, that anyone can prove by reading the UBNT announcements in January to see what they said.
Snowden was then covered by the media and stuff released from real news outlets. "Adam" has had zero real coverage and nothing to release.
Snowden also released actual data. It was not a matter of claims. These two situations are polar opposites. That Snowden is what a real whistleblower looks like should, in fact, expose to you why Krebs and "Adam" are charlatans.
-
@dashrender said in Ubiquity breached, downplayed the issue:
I feel like Scott has complete distrust in Krebs - though I'm not sure why?
Because they just posted something that they knew to be false. I'm confused here, how are you missing that "Adam" blatantly lied, and Krebs covered it like it was news without pointing out that the statements were false?
-
@dashrender said in Ubiquity breached, downplayed the issue:
Brian Krebs is a reporter, just like Glenn Greenwald... So I understand we need some skepticism...
A reporter that investigates and reports what they know is a journalist. A reporter that knowingly repeats lies, falsehoods, or baseless claims blindly to get hits is a tabloid.
This situation is a tabloid, there is no reporting here. Very different things. I don't trust Krebs because of this situation.
That Krebs called this guy a whistleblower is even more of a problem. Krebs is attempting to manipulate readers into giving him more credence than they should because his accusations are based on a false statement.
-
@marcinozga said in Ubiquity breached, downplayed the issue:
Original story:
According to Adam, the hackers obtained full read/write access to Ubiquiti databases at Amazon Web Services (AWS), which was the alleged “third party” involved in the breach. Ubiquiti’s breach disclosure, he wrote, was “downplayed and purposefully written to imply that a 3rd party cloud vendor was at risk and that Ubiquiti was merely a casualty of that, instead of the target of the attack.”
Here is the crux of the Adam/Krebs argument (we can't assume that Adam is real, given the serious breach of ethics in publishing this article, we have to assume that Krebs itself may have made up the story as there is zero substance and zero ethics in repeating it as if it was journalism): the claim that the seriousness was downplayed and that a third party was implicated with blame. It's trivial to look up the original statements from Ubiquiti and everyone who has done the slightest research knows that UBNT didn't do these things.
UBNT mentions that the databases were hosted by a third party in exactly the same way that Adam/Krebs do, which is to say that they stated the truth and have zero implications with it. There is zero implication there, zero. Sure, some people will add their own emotional encumbrances and claim that they feel that the third party is at fault, but any implication of that comes from the reader, not the source. Nothing in those words hints at implicating the third party in any form whatsoever. So we already know that Adam has lied, and that Krebs used that lie to run a headline story where Krebs benefited heavily (there is a lot of traffic from this story.)
Ubiquiti then stated that while they aren't aware that user data was accessed, that it could have been. Generally that's as much as you can get in this kind of scenario. This is the expected situation and this tells people that their info is at risk and that they need to change passwords. They clearly encourage everyone to change passwords, and to enable 2FA.
So, where is the downplaying? Not in the statement from Ubiquiti. Both the implication of the third party being at fault, and the claim of downplaying the seriousness of the breach didn't happen. Those are facts. Given those facts, which Krebs had access to when he talked to Adam (if Adam even exists), means that at best, Krebs has no journalistic integrity. At worst, we need to blow the whistle on him being a con artist.
Even if Adam exists, according to the article there's not even reason to believe he really worked on the issue. Any one of us could be this Adam. It's just a random guy claiming to be an employee, providing no evidence that he is who he claims that he is, nor that anything that he claims to have happened, happened, and no explanation for the parts we know about, which are lies.
-
None of this should downplay that UBNT had a serious freaking breach that probably exposed gobs of user data. That's huge. But the market didn't care about a known breach until it became a big Krebs PR story. UBNT admitted that it was huge, they told people about it. Everyone accepted that it was huge. It's a big deal.
The major risk is not to production systems, however. This is something that Krebs is playing up - it's the consumer systems, the Dream Machines, not production level Unifi or Edge gear that is affected. Logins for those of us with business class gear don't have our creds stored with UBNT. Only Dream Machine and consumers have that. So businesses that are at risk were playing fast and loose with their IT already.
Does this impact loads of home users and prosumers? Yes, absolutely. Should they be exposed any more than business users, no, definitely not. But Krebs is playing this up in later posts to act like all the business customers are affected, which while not strictly a complete lie, is definitely not true. It's Krebs just a bad reporter who doesn't know enough about IT and security to talk about it, or is he a crook... or is someone who reports on things they know nothing about a crook anyway?
UBNT screwed up. We should them accountable. But that seems to be an accident. Krebs screwed up. We should hold him accountable. But it doesn't appear to be an accident.
Why is everyone not concerned with how Krebs is approaching this?
