Ex-Amazon worker suspected of hacking Capital One, faces charges of breaching 30 other companies to mine cryptocurrency

Graham CLULEY

August 29, 2019

At the end of July, the FBI arrested a 33-year-old woman in Seattle in connection with a massive data breach at financial services firm Capital One.

33-year-old software engineer Paige Thompson, who also went by the online handle of “erratic”, was suspected of breaking into Amazon Web Services (AWS) servers used by Capital One, and stealing data related to 100 million credit card applications.

Prosecutors said that the breach included 140,000 social security numbers and 80,000 bank account numbers, culled from the many millions of card applications.

Capital One blamed the security breach on a “configuration vulnerability”.

In the latest development of this ongoing investigation, Thompson has been charged in relation to not just hacking Capital One, but a further 30 organisations. And in some cases, according to an indictment unsealed yesterday, the former Amazon systems engineer exploited servers at hacked companies to mine cryptocurrency.

The indictment alleged that certain Amazon cloud customers had “misconfigured web application firewalls on the servers”, and that Thompson exploited this misconfiguration to “obtain credentials for accounts of those customers that had permission to view and copy data stored by the customers on their Cloud Computing Company servers.”

The indictment goes on to allege that Thompson used those stolen credentials to access and copy other data stored on the Amazon cloud servers, including personal identifying information, and offers a motive:

“The object also was to use the access to the customers’ servers in other ways for Paige A Thompson’s own benefit, including by using those servers for ‘cryptojacking’.”

Regular readers of Hot for Security will be all too familiar with the rapid rise of cryptojacking, where computer power can be stolen by unauthorised parties to “mine” for cryptocurrency. Most users’ experience of cryptojacking has been within their web browser, but it’s just as possible – and indeed even more attractive – for the persons doing the cryptomining to take advantage of the increased processing power offered by servers.

Other than Capital One, none of the victim organisations have been named – although some have been loosely described as a public research university, a telecoms conglomerate, and a state agency.

Thompson is scheduled to be arraigned on September 5 2019, and – if eventually convicted of the charges – could face up to 25 years in prison.

Ironically, investigators were directed towards Thompson as a suspect after an acquaintance of hers warned Capital One that stolen data had been published on GitHub.

The name associated with the GitHub account? “paigeadelethompson.”
