
> Also, as I understand, all Krebs has done is write "X told me about Y". How is that statement false, if X really contacted Krebs and told about Y?

My advice would be to read the actual complaint[0]. It goes into detail why they are doing this and their various points. The part that is interesting to me at least is Krebs intentionally labeling Sharp differently depending on the sentence in the same article.

> 6. Krebs alternated his descriptions of Sharp, first he describes Sharp as a current employee. He then describes Sharp as a “former Ubiquiti developer” to deceive readers into believing that the sourcing for his original story was a legitimate source—someone other than Sharp. Krebs, therefore, intentionally concealed the fact that the only support for his reporting came from the very person who had just been indicted for hacking and attempted blackmail.

[0]: https://storage.courtlistener.com/recap/gov.uscourts.vaed.52...




If you look at the screenshot they provide or the actual article:

https://krebsonsecurity.com/2021/12/ubiquiti-developer-charg...

It is completely obvious to everyone that there is no deception here. Sharp was an employee at the time of the first article but presumably wasn't at the time of the second article (post arrest). The clear implication is that the previous employee source was quite likely the person arrested. The previous article contains a link near the top to the new information. This is purely Ubiquiti harassing Krebs, who does things by the book because he gets harassed all the time from all sides.


> "In March, a Ubiquiti employee warned that the company had drastically understated the scope of the incident, and that the third-party cloud provider claim was a fabrication. On Wednesday, a former Ubiquiti developer was arrested and charged with stealing data and trying to extort his employer while pretending to be a whistleblower."

This does not seem completely obvious. He uses "Ubiquiti employee" as the source of his first story, and then "former Ubiquiti developer" as the guy who was arrested when it was published. These are two different descriptions used just a sentence away from each other, making it sound like two different people were involved.


Maybe he didn't know that those were the same person?


He almost certainly knows if they are the same person or not since he would have needed to confirm that his source was actually an employee, but he does not want to confirm that in a way that undeniably makes the identity of his source public. In this case the breach was much worse than initially revealed and internal vs. external is a relatively minor issue. While I didn't read the whole complaint, searching for a few keywords suggests that Ubiquiti is not disputing that their legal department overrode taking appropriate measures to protect customers, the other key point of the initial article (the main point even). An interested reader will effortlessly make the connection between the arrest and the source without it being 100% confirmed that they are the same person, and it is quite obvious that someone who was an employee will no longer be an employee after being arrested for stealing from the company; this does not in any way make it sound like a different person. Developer is more specific than employee but not at all contradictory and also does not suggest a different person. As unlikely as it seems in this case, consider if the source actually was someone else either in this case or a similar case in the future. Never revealing sources is the safest way to protect all sources. The way the article was written provides all the relevant information without definitively confirming the identity of the source, just as it should.



