Alleged Capital One hacker indicted on new computer fraud charges
source link: https://siliconangle.com/2021/06/30/alleged-capital-one-hacker-indicted-new-computer-fraud-charges/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
The U.S. Department of Justice has filed additional charges against Paige A. Thompson, the former Amazon Web Services Inc. engineer who allegedly hacked Capital One Financial Corp. in 2019, resulting in the theft of 100 million customer records.
Thompson was initially indicted in August 2019 and was accused of hacking Capital One and a range of other companies and organizations. Those companies and organizations include UniCredit S.p.A, Vodafone plc, Ford Motor Co., Michigan State University and the Ohio Department of Transportation.
The methodology in each hacking case is said to have been the same as with the Capital One breach. Thompson allegedly created scanning software while working at AWS to allow her to identify customers who had misconfigured their access. Having detected that, she then allegedly stole their customer databases.
In the case of Capital One, Thompson allegedly stole data from a misconfigured Amazon S3 storage instance. Thompson’s intent to steal and share stolen data has always been unclear, although Thompson was also allegedly involved in maliciously installing cryptomining scripts on compromised servers as well.
Thompson was initially indicted on two counts of wire fraud and computer fraud. As of now, the Justice Department has added seven new charges, according to court documents filed June 17 and first reported by The Record Tuesday.
The new charges are six counts of computer fraud and abuse and one count of access device fraud. Although the court document names Capital One, the rest of Thompson’s alleged victims are not named.
Along with a U.S. state agency, a telecommunications company outside the U.S. and a U.S. public research university per the original indictment, new unnamed targets are listed in the new indictment. They include a digital rights management company, a data and threat protection services provider, a technology company that provides solutions for call centers and a company that providers higher-education learning technology.
Although the number of Thompson’s alleged victims may have increased, the timeline has not changed. Prosecutors still allege that Thompson used her access while working at AWS to detect misconfigured S3 instances and then exploit the exposed data.
Prosecutors claim that Thompson downloaded more than 20 terabytes of data belonging to more than 30 companies. Thompson has pleaded not guilty and was released on a pre-trial bond in August 2019. The trial is set for March 2022 after being delayed during COVID-19. If found guilty, Thompson could be sentenced to up to 20 years in jail.
Photo: Tdorante10/Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and soon to be Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
Join Our Community
We are holding our second cloud startup showcase on June 16. Click here to join the free and open Startup Showcase event.
“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy
We really want to hear from you. Thanks for taking the time to read this post. Looking forward to seeing you at the event and in theCUBE Club.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK