Former Amazon Engineer Convicted Of Pc Fraud In Large Capital One Knowledge Breach

Three years in the past, Capital One Monetary Company suffered a huge information breach that uncovered clients’ private data. Moderately than being the sufferer of social engineering or a ransomware assault, it turned out that Capital One had misconfigured its net utility, leaving its system susceptible to a breach. The perpetrator, Paige Thompson, is a former Amazon engineer, which can be why she was conscious of this misconfiguration, as Capital One’s system operated on Amazon Net Companies (AWS).

Thompson, who was 33 years outdated on the time of the breach, stole the non-public data of greater than 100 million Capital One clients. This data included Social Safety numbers and checking account numbers. Thompson bragged about her unauthorized exfiltration of this information on GitHub. On-line chat logs present that she thought of sharing the stolen data with a scammer and deliberate to publish the information whereas exposing her involvement. A girl involved with the perpetrator instructed that Thompson flip herself in to regulation enforcement, however, after a month of inaction on the a part of Thompson, the lady knowledgeable Capital One of many breach.

A number of years after leaving Amazon, the previous worker constructed a instrument to scan for the firewall misconfiguration amongst AWS clients and ended up discovering that Capital One’s system was susceptible on this method. Thompson’s attorneys argued that she was utilizing the strategies of moral hackers to find vulnerabilities. Nevertheless, reasonably than informing Capital One of many misconfiguration, as an moral hacker would, Thompson as an alternative stole buyer data and used the monetary agency’s AWS servers to mine cryptocurrency.

Now, three years after the breach, a Seattle jury has discovered Thompson responsible of violating the Pc Fraud and Abuse Act. Extra particularly, the jury declared her responsible on 5 counts of gaining unauthorized entry to a protected laptop and damaging a protected laptop, in addition to wire fraud. Nevertheless, the jury discovered Thompson not responsible of entry gadget fraud and aggravated identification theft.

Thompson’s sentence is but to be determined, however unauthorized entry to a protected laptop and damaging a protected laptop are punishable by as much as 5 years in jail, and wire fraud is punishable by as much as twenty years in jail, so Thompson may have a protracted sentence forward of her.

High picture courtesy of Wikipedia consumer Tdorante10