Capital One Hacker Also Exploited Cloud Servers Of 30 Companies For Cryptojacking Says Indictment

On August 28, 2019, a federal grand jury indicted former Amazon engineer Paige Thompson. If found guilty of the multiple counts of wire fraud and computer fraud, Thompson faces up to 25 years in prison. The indictment alleges not only that she stole data, but also that, after forcing access to cloud servers of Capital One and more than 30 other businesses, government agencies, and schools, she used the computing power to mine cryptocurrency.

The allegations of data theft are well documented. However, this indictment is the first time prosecutors have publicly accused Thompson of “cryptojacking”: the process of hacking a computer and using it for cryptocurrency mining.

Hints that Thompson was involved in cryptojacking had come to light previously. In a Slack message reported on by Forbes in July, Thompson wrote, “I’ll be employed again soon and if I had a partner I could have them take over my cryptojacking enterprise and be a stay at home.”

The indictment alleges Thompson used illegally accessed data of customers from the servers of a cloud computing company. The cloud provider wasn’t named in the indictment, but Amazon has been sued in relation to the breach.

Amazon has said the exploit was the result of configuration errors by Capital One, not by any mistakes on the part of Amazon. It was likely these sorts of configuration errors that allowed for the hack. The indictment says Thompson used software that identified companies with misconfigured web firewalls, then sent requests to gain security credentials of customers with access to data stored on the servers.

The indictment says Thompson gained the information of about 100 million people who had applied for credit cards with Capital One. Fortunately, investigators say Thompson does not seem to have sold that information.


Header Image “Capital One – Access Landing Page Design” by Josh Jones
