Thompson used a self-built software tool to breach Capital One’s cloud, managing to hijack computer servers and mine cryptocurrency for herself, the U.S. Attorney’s Office said. The incident resulted in an $80 million fine for Capital One by the U.S. Treasury, while the bank also had to settle $190 million worth of customer lawsuits.
Several Charges of Wire Fraud and Computer Intrusions
The Capital One incident is just one of seven charges of wire fraud and computer intrusion brought against Thompson, who was arrested in July 2019 following an FBI Seattle Cyber Task Force crackdown.
A complaint filed with the U.S. District Court stated that the bank received a tip from an anonymous user about Thompson’s activity on the software development hub GitHub. Capital One received an email stating that hundreds of stolen files, including Capital One customers’ names and encrypted Social Security numbers, were in Thompson’s possession. Later, law enforcement also confirmed that she was using the virtual private network software “IPredator” in an attempt to anonymize herself online while running a group on the online social media app Meetup.
“Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency,” Brown said. “Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself.”
Thompson faces up to 20 years in prison for the wire fraud violations and up to five years for each charge of accessing and damaging protected computers. She was acquitted of access device fraud and aggravated identity theft charges. U.S. District Judge Robert S. Lasnik will sentence her on September 15, 2022.
Thompson Used a Custom-Built Tool
With a “tool she built,” Thompson scanned AWS looking for “misconfigured accounts,” the U.S. DoJ’s press release said. This allowed her to hack into those misconfigured accounts and “download the data of more than 30 entities, including Capital One Bank.” While she was in the system, Thompson planted cryptocurrency mining scripts on “new servers,” and diverted all generated income “to her online wallet,” the DoJ said. She spent “hundreds of hours advancing her scheme,” while showboating to others on online forums and via text.
An “Erratic” Character
According to court papers obtained by the Associated Press, defense attorneys argued that Thompson battled mental health issues and claimed she had no intention of profiting from the obtained data. Her defense also stressed that there was no evidence of anyone’s identity being misused. Following her arrest, Thompson’s friends and associates told the AP she was a “skilled programmer and software architect” but said they knew she had an unstable personality. She overshared in chat groups, was frequently profane, expressed gender-identity distress, and had her “ups and downs,” they said in interviews. What is more, she stalked and harassed two of her former roommates, who took out a restraining order against her. Her friends also told the AP they believed that, following her short stint at AWS between 2015 and 2016, Thompson claimed to be battling serious depression coupled with unemployment, which could have been the attention-seeking and financial drivers behind the hack.
The Importance of Secure Cloud Storage
Cloud storage has become a popular attack vector for cybercriminals, with ever more sensitive data being stored there by organizations small and large. Misconfigured cloud storage solutions are an invitation for cybercriminals. Recently, we’ve uncovered several examples where an AWS bucket was left unsecured — such as the Sephora and Switch fintech breaches.