The original article[0] seems perfectly fine. But, if "Adam" (original informant) and Sharp are the same person[1] and Sharp is in fact the person who perform the breach such that this is an inside job instead of an external hack.
IANAL and while I'm not sure of the merit to this lawsuit itself, there's still a lot of problems if your informant is the person performing the illegal activity.
Completely unethical of Krebs not to update his original article and mention this. He got tricked into helping a hacker trying to extort money, and owes it to the community to set the record straight.
> Update, Dec. 5, 2021: The Justice Department has indicted a former Ubiquiti developer for allegedly causing the 2020 “breach” and trying to extort the company.
He never mentions that his source "Adam" was actually the Ubiquiti insider who was extorting them at the time. I mean, the hacker used Krebs to further his extortion attempt and Krebs has never addressed it here or anywhere else.
Yeah, I think the lawsuit is probably bogus, but so is the Twitter logic that people who sue the media are never portrayed in media as good guys. If Krebs was unwittingly used the attacker, I think he should update his stories, but that depends on that allegation being true.
I don't think that should be worth a lawsuit, but it would reflect badly on him if that's proven true and he doesn't update. Of course, filing lawsuits over disclosure of security issues is also a bad look, but I never used their stuff to begin with.
The original article[0] seems perfectly fine. But, if "Adam" (original informant) and Sharp are the same person[1] and Sharp is in fact the person who perform the breach such that this is an inside job instead of an external hack.
IANAL and while I'm not sure of the merit to this lawsuit itself, there's still a lot of problems if your informant is the person performing the illegal activity.
[0] https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-b...
[1] https://krebsonsecurity.com/2021/12/ubiquiti-developer-charg...