UPDATED 21:52 EST / AUGUST 29 2019

SECURITY

Alleged Capital One hacker indicted for hacking 30 other companies

Paige A. Thompson, the alleged hacker behind the theft of more than 100 million customer records from Capital One Financial Corp., has been indicted on additional charges for hacking more than 30 companies.

Thompson was first said to have been involved in the hacking of other companies on Aug. 14, when the U.S. Department of Justice said it had found evidence of other companies being hacked. The new federal grand jury indictment on multiple counts of wire fraud and computer fraud, announced Wednesday, now makes that official.

The Justice Department did not reveal the companies hacked, saying only that they included “a state agency outside the State of Washington; a telecommunications conglomerate outside the United States; and a public research university outside the State of Washington.” The description does line up with a list of companies and government bodies that are speculated to have been targeted by Thompson: UniCredit S.p.A., Vodafone plc, Ford Motor Co., Michigan State University and the Ohio Department of Transportation.

The methodology in each case was the same as with the Capital One breach. “Thompson created scanning software that allowed her to identify customers of a cloud computing company who had misconfigured their firewalls, allowing outside commands to penetrate and access their servers,” the Justice Department said.

That the “cloud computing company” is Amazon Web Services Inc. is already known, Thompson previously having worked at AWS. The data, at least in the Capital One case, was allegedly stored on an AWS S3 storage instance.

The intent of stealing the data remains unclear, with Thompson continuing to claim not to have sold, shared or disseminated any of the data. The data theft may ultimately have been a sideshow, however, to her main intent, since it has now been revealed that she installed scripts to mine for cryptocurrency.

As Geekwire pointed out, there had been previous hints that Thompson, who was also unemployed, had been involved in maliciously installing cryptomining scripts, a process referred to as cryptojacking. She is said to have written on Slack at one point that “I’ll be employed again soon and if I had a partner I could have them take over my cryptojacking enterprise and be a stay at home.”

Posting under an alias, Thompson is also said to have written June 26 that “for some reason [I] lost a whole fleet of miners all at the same time, so [I] think someone is onto me.” Thompson was arrested for allegedly hacking Capital One in July.

Unless a plea deal is forthcoming, fairly common in hacking cases, Thompson could be facing an awfully long time in jail if found guilty. Each of the charges in the new indictment carries penalties of up to 25 years in prison.

Photo: Billy Hathorn/Wikimedia Commons
