A former Amazon Web Services (AWS) engineer has been found guilty of hacking into customers' cloud storage systems and stealing data linked to the massive Capital One breach of 2019. A U.S. district court in Seattle on Friday convicted Paige Thompson of seven counts of computer and wire fraud, a crime punishable by up to 20 years in prison.
Thompson, also known as "Erratic" online, was arrested for hacking Capital One in July 2019. The breach was one of the largest ever recorded, exposing the names, dates of birth, Social Security numbers, email addresses, and phone numbers of over 100 million people in the US and Canada. Capital One has since been fined $80 million for failing to secure user data and reached a settlement with affected customers for $190 million.
A Justice Department (DOJ) press release states that Thompson developed a tool that scanned AWS for misconfigured accounts and then used those accounts to gain access to the systems of Capital One and dozens of other AWS customers. Prosecutors also say Thompson "hijacked" company servers to install cryptocurrency mining software that would transfer any gains to her personal crypto wallet. She then "bragged" about her actions on online forums and in text messages.
At the time, there was debate over whether Thompson was an ethical hacker or a security researcher because of her unusual candor about her role in the Capital One attack online: she posted sensitive customer data on a public GitHub page and shared details about the breach on Twitter and Slack. Earlier this year, the Justice Department made it clear that it would not prosecute security researchers under the Computer Fraud and Abuse Act. But clearly, U.S. prosecutors were not convinced that Thompson's actions fell under this exception.
"Far from being an ethical hacker trying to help companies with computer security, she exploited mistakes to steal valuable data and sought to get rich," said U.S. Attorney Nick Brown in a statement. Thompson's sentencing hearing will take place on September 15, 2022.