The U.S. Division of Justice (DOJ) has filed seven new costs in the direction of Paige Thompson, The earlier Amazon Internet Providers (AWS) engineer accused of hacking Capital One and stealing The private knowledge of Greater than 100 million People.
The mannequin new costs, which embrace six relys of pc fraud and abuse and one rely of entry system fraud, have been revealed in courtroom paperwork filed earlier this month, obtained by The Doc. The earlier indictment charged Thompson with one rely every of wire fraud and pc crime and abuse, which meant she confronted 5 As a lot as 5 in jail and a nice of As a lot as $250,000. As a Outcome of of further costs, Thompson now faces As a lot as 20 years of jail time.
The superseding indictment has furtherly expanded the Quantity of victimized corporations from the 4 itemizinged Inside the 2019 indictment to eight. Collectively with Capital One, a U.S. state agency, a U.S. public evaluation college and A world telecommunications conglomerate, the itemizing now Consists of A information and menace safety agency, An group That makes a speciality of digital rights administration (DRM), a supplier Of higher education studying know-how, and a supplier of name center options. The corporations Have not been identifyd, however safety agency CyberInt beforehand said that Vodafone, Ford, Michigan State University and the Ohio Division of Transportation might all be victims of the brevery.
Thompson, who used the deal with “erratic” on-line and was recognized after boasting about her actions on GitHub, stays accused of using her information from her earlier employment as a Computer software engineer at Amazon to create a program that recognized which clients of a cloud computing agency (the indictment doesn’t identify The agency, However it has been recognized as Amazon Internet Providers) had misconfigured firewalls. As quickly as the system found its goal misconfiguration, Thompson allegedly exploited it to extract privileged acrely credentials.
The prior indictment alleges That when Thompson gained entry to victims’ cloud infrastructure using the stolen credentials, she then entryed and downloaded knowledge to a server at her residence in Seattle. It stays unclear whether or not any of The information was handed To Third events.
In the case of the Capital One brevery, which The agency conagencyed in July 2019, the stolen knowledge comprised 106 million Financial institution card purposes, which embraced identifys, addresses, telephone numbers, and dates of delivery, alongside with 140,000 Social Security numbers, 80,000 Checking acrely numbers, And a few credit rating scores and transaction knowledge. Capital One, which changed its cybersafety chief 4 months after the incident, was niced $80 million in August 2020 for The safety brevery and its failure To maintain its clients’ monetary knowledge safe.
Prosecutors furtherly allege that Thompson copied and stole knowledge from A minimal of 30 entities in complete that used The identical cloud supplier, and declare that, in some circumstances, she used this entry to Arrange cryptocurrency mining operations using victims’ cloud computing power – a apply Usually acknowledged as cryptojacking.
Thompson pleaded not responsible and was launched on pre-trial bond in August 2019. She was initially set to face trial in November 2019, However the trial was delayed to March 2020 due to The Huge quantity Of information the prosecution Needed To evaluation.
The trial was later rescheduled to October 2020 due to the pandemic, then to June 2021, then October 2021, and now to March 14, 2022, with prosecutors nonetheless citing The want for extra time To evaluation The information collected from Thompson’s mannequins.
Source: https://techcrunch.com/2021/06/30/doj-files-7-new-charges-against-alleged-capital-one-hacker/