A Seattle woman and former Amazon Web Services employee accused of stealing personal data from credit card-issuer Capital One and 30 other companies also used victim’s servers to mine cryptocurrency, prosecutors in the State of Washington allege.
Paige Thompson is accused of accessing victims’ servers by scanning for misconfigured firewall settings on accounts rented from the Cloud Computing Company. These stolen credentials were then used to access even more information.
“The object was to use that misconfiguration…to obtain credentials for accounts…that had permission to view and copy data stored by customers…including…valuable personal identifying information.”
Other affected organizations include an unnamed American state agency; a telecom outside the US serving customers in Europe, Asia, Africa, and Oceania; and an American public research university.
Thompson is also accused of using victims’ servers for “cryptojacking,” a process where malware is installed on a server and most of the server’s processing power then directed towards the production of cryptocurrencies in an energy- and hardware-consumptive process called “mining.”
All costs are imparted to victims and all proceeds go to the hacker and the companies making the malware.
Court filings also state that Thompson used an onion-router (the Tor browser) to conceal her location and identity as she sent stolen data from her computer in Seattle to another located outside Washington state.
She stands accused of computer fraud and abuse and wire fraud for crimes that allegedly took place between March 12 and July 17 2019, crimes she allegedly bragged about on the developer platform GitHub.
According to a press release from the Washington US Attorney’s Office:
“On July 17, 2019, the GitHub user alerted Capital One to the possibility it had suffered a data theft. After determining on July 19, 2019, that there had been an intrusion into its data, Capital One contacted the FBI.”
Hard Fork reports that Thompson also talked about her exploits on Slack using a pseudonym.
“I’ll be employed again soon and if I had a partner I could have them take over my crypto-jacking enterprise and be a stay at home.”
Thompson may also have sensed authorities closing in when she stated in another message June 26th:
“For some reason [I] lost a whole fleet of miners all at the same time, so [I] think someone is onto me.”
Following the tip off July 19th, the FBI appears to have identified Thompson in short order:
“On July 29, 2019, agents executed a search warrant at THOMPSON’s residence and seized electronic storage devices containing a copy of the data.”
If proven guilty beyond reasonable doubt and convicted, Thompson faces up to 25 years in prison and will be ordered to forfeit any ill-gotten gains.