As a lawyer, i've read this entire filing and it seems like nonsense at a glance.<p>Krebs mentions the person was arrested. Ubiquiti claims first that he doesn't point out the person he sourced it from what arrested, and that he tries to mislead people by not saying repeatedly that the person is basically felon, and that being arrested makes him an invalid source of evidence, etc. They also claim he describes him as a current employee.<p>This is all nonsense AFAICT<p>1. Krebs mentions the person was arrested.<p>2. Krebs says "In March, a ubiqitui employee said X". That was accurate at the time (AFAIK, and ubiquiti cites no real evidence I see that Krebs should have known it was not true).<p>3. Krebs carefully points out the <i>arrested person claims x and y</i> (which is accurate).<p>4. The filing says <i>Sharp</i> made false claims, and spends a paragraph explaining them.<p>5. The filing says Krebs made them too, but ironically, for all of its bluster, doesn't cite where and when (that I can see), and which exact claims, they are claiming Krebs said that were false.<p>6. The filing cites no evidence that Krebs knew or should have known, in March, that the claims were false. They get into some weird arguments about their 10-q filing but it's hard to understand the point they are trying to make. It apperas they are trying to claim that krebs should have known they notified the public but i think that's kind of a silly argument - krebs is clearly talking about their users, and most users do not read 10-q's. Saying you notified the public because you put it in a 10-q is like saying you notified the public because you put it in a classified ad section. It's dumb wordplay.<p>7. The December blog post they say he "doubled down on" seems again, carefully written to say what <i>Sharp</i> claims, not what <i>Krebs</i> claims.<p>I could go on.<p>The whole thing is, IMHO, not written very well. It's very emotionally written for a pleading, and you will be hard pressed to find a judge who will get themselves worked up over that kind of writing. Instead they mostly roll their eyes and wish that someone gave them a clear and convincing pleading instead.<p>Put another way - if there is a case here, it isn't visible on this pleading. This <i>feels</i> like "throw a bunch of emotional stuff at a wall and hope it sticks", where you really want "here is an open and shut case of why this person defamed us"
Seems pretty close to textbook SLAPP in a jurisdiction - Virginia - that has strong anti-SLAPP laws <i>[correction: <a href="https://news.ycombinator.com/item?id=30867948" rel="nofollow">https://news.ycombinator.com/item?id=30867948</a> notes this is federal, and it has not been established if VA SLAPP laws apply]</i> and and precedent for their use. I am a fan of Ubiquiti gear but I hope they lose, pay Krebs' costs, and pay a multiple of the costs as damages.<p><a href="https://twitter.com/QuinnyPig/status/1509374736903507974" rel="nofollow">https://twitter.com/QuinnyPig/status/1509374736903507974</a> is just an example of how well this is going over.
The lawsuit, it seems like a grey area. Report on something but then further facts come out and your story is literally outright false. You've been misled and abused by your source. I guess that's the job of a journalist to ensure what you are publishing is true.<p>Flipside, there's a term named "Krebbed" for a reason. <a href="https://www.urbandictionary.com/define.php?term=krebbed" rel="nofollow">https://www.urbandictionary.com/define.php?term=krebbed</a><p>Krebs has a history of poor journalism to say the least. Frankly, it's best to ignore Krebs. I stopped reading him years ago.<p><a href="https://itwire.com/business-it-news/security/new-york-times-says-krebs-wrongly-implicated-briton-in-twitter-hack.html" rel="nofollow">https://itwire.com/business-it-news/security/new-york-times-...</a><p><a href="https://itwire.com/business-it-news/security/infosec-researchers-slam-ex-wapo-man-krebs-over-doxxing.html" rel="nofollow">https://itwire.com/business-it-news/security/infosec-researc...</a><p><a href="https://itwire.com/business-it-news/security/ex-wp-man-krebs-pulls-claims-of-russian-links-to-shadow-brokers.html" rel="nofollow">https://itwire.com/business-it-news/security/ex-wp-man-krebs...</a><p>3 separate instances where Krebs got it wrong. Seems to happen a little too often.<p>Seems clear to me, Ubiquiti got Krebbed.
I'm honestly not sure how Ubiquiti felt this was a smart idea; defamation lawsuits are notoriously difficult to win and in the vast majority of cases, result in greater damage to the plaintiff's image than before filing the lawsuit.<p>Waste of everyone's time and money.
From their complaint:<p>>Krebs intentionally disregarded these facts<p>It's easy to miss something when you're not directly involved in a case, even more so when you're also not a lawyer (me) but from what I understand:<p>Success for Ubiquiti here requires an ability to prove not only that statements he was making (as reported to him by a disgruntled Ubiquiti employee) were false, but that Krebs <i>knew</i> the claims were false. Ubiquiti seems to be arguing that, "because we said these claims were false, that proves he knew they were." That's a non sequitur IMHO.
I may be missing something here, English _is_ my first language after all, but regarding the screenshot of the "ad" on page 3 of the complaint; they suggest Krebs refers to "the employee" as an employee in one sentence and a "former employee" in the next. The complaint reads to me like the person who put it together doesn't understand the English language, or, reading or writing at all, for that matter.<p>"In March, a Ubiquiti employee warned that the company had drastically understated the scope ... claim was a fabrication. On Wednesday, a former Ubiquiti employee was arrested..."<p>I'm pretty sure this is junior school level writing, but full stop means end of sentence, and then you start another. There is nothing in the screenshot's text which suggest the former is referring to the same person as the latter; in fact, I read it as expressly making a potential distinction.<p>"6. Krebs altered his description of Sharp, first he described Sharp as a current employee. He then described Sharp as a..."<p>Who wrote this beautiful pair of sentences in the complaint, immediately after? Two sentences which clearly should have been one.<p>If this is the basis of their complaint, I worry for Ubiquiti as a company.
Lawsuit aside, I consider Ubiquiti's founder, Robert Pera [1], to be a fascinating individual. He runs an $18B company where he owns like 90% [2] of the shares (pretty high?). Also owns an NBA club (Memphis Grizzlies). I just think he's pretty under-the-radar for his kind of success.<p>1 - <a href="https://en.wikipedia.org/wiki/Robert_Pera" rel="nofollow">https://en.wikipedia.org/wiki/Robert_Pera</a>
2- <a href="https://www.fool.com/investing/2021/09/28/3-stocks-with-78-percent-or-greater-ceo-ownership/" rel="nofollow">https://www.fool.com/investing/2021/09/28/3-stocks-with-78-p...</a>
I'm the director of Free Law Project, the non-profit org that runs CourtListener. If anybody wants to get email or RSS alerts for this case, you can set them up here: <a href="https://www.courtlistener.com/alert/docket/new/?pacer_case_id=521759&court_id=vaed" rel="nofollow">https://www.courtlistener.com/alert/docket/new/?pacer_case_i...</a>
If I understand correctly, there's a real edge case going on here: Everything Krebs reported was simply what he was told by a then high-ranking employee of the company. True, Krebs didn't know this at the time, but I would think it completely exonerates him (otherwise, it would be easy for corporations to destroy journalists they didn't like by having an executive give them false information which they then dutifully report).<p>Any legal eagles here who can clarify this aspect? Is "I was just repeating what your executive told me" a get-out-of-jail-free card?
Ah, the Streisand Effect[1]<p>Anyone else here who would have remained ignorant of this all absent this lawsuit?<p>[1] <a href="https://en.m.wikipedia.org/wiki/Streisand_effect" rel="nofollow">https://en.m.wikipedia.org/wiki/Streisand_effect</a>
I read in another HN thread that Ubiquiti was actually not hacked but that a former employee leaked information and tricked Krebs into believing he was a whistleblower.<p>Is there a more detailed write-up somewhere about what happened exactly?
Ugh. My EdgeRouter and APs have been nice, but between the increasing cloud BS and now a SLAPP suit, they've lost my business for good.<p>No. My internal network infrastructure should NEVER depend on someone else's computer, ever.
Title is incredibly misleading and should be corrected.<p>They are suing for defamation because Krebs failed to retract anything after more information was revealed.
<i>If you could just go ahead and win this for us, Krebs. Yeah, that'd be great.</i><p>Ubiquiti must have solid ground to be dragging themselves into this mess? I mean, from one side - it looks like a lot of people are on Krebs side, awesome. But, from another - no one at Ubiquity expected some kind of a pushback?
Well. I realize that the original story got amplified but seeing that lawsuite is the last nail to the coffin of my view of ubnt.<p>Telemetry, declining quality, outdated software (log4j was so old it was hard to patch), NVR discontinued, and now this. It's over for me. I will never sell ubnt again.<p>I liked there positioning in the market, it was my goto solution for small to mid deployment, up to 20AP.<p>A few days ago, a customer got their nvr hacked and it started (well, it tried) to mine crypto. I had told him it would happen eventually so I limited the nvr user permissions and resources to the strict minimum, which mitigated the attack.<p>I ended up coding an in house solution, with a mix of ffmpeg rtsp->hsl bridges and motion for motion detection. Nothing fancy, a few scripts and a few html pages.
Suing a journalist is not a good look. I wonder what other vendors out there will take up some market share from them after this nonsense is over. Hopefully this in the end this turns into a net positive for Krebs.
I'm not sure, given their history of flat out lying / misleading in regards to product features, that Ubiquiti wants the same sort of reasoning to apply to their own misstatements.
Can I not write in my blog whatever I want? Who says that I can not spread lies [1] about companies? Freedom of speech?<p>[1] I have no idea which side is correct, I am just amusing Ubiquiti's claims are correct.
I’m of two minds:<p>On the one hand we need openness with regards to reporting breaches.<p>On the other hand we need truth in reporting. Krebs seems to be teetering at the edges. I’d rather have solid reporting without the drama.
I'm rapidly loosing respect for Ubiquiti. This is the wrong approach. Security by obscurity is not security.<p>More information: <a href="https://en.wikipedia.org/wiki/Security_through_obscurity" rel="nofollow">https://en.wikipedia.org/wiki/Security_through_obscurity</a>