
Source: National Cyber Security News Today
A former female engineer at Amazon’s cloud arm, Amazon Web Services, has reportedly been found guilty of hacking into the cloud storage systems of over 100 million customers and stealing data connected to the 2019 Capital One breach.
The former tech worker, Paige Thompson, was convicted in the US District Court in Seattle. She was found guilty of seven federal crimes linked to her scheme to hack into cloud computer data storage accounts and steal data linked to the computers for her own advantage. Thompson was apprehended in July 2019 after Capital One alerted the FBI to her hacking activity.
US Attorney Nick Brown said the ex-AWS engineer ‘used her hacking skills’ to steal the personal data of over 100 million people and hijacked ‘computer servers to mine cryptocurrency.’ He added that Thompson was ‘far from just an ethical hacker’ attempting to help firms with their computer security. She ‘exploited mistakes’ to steal valuable data and ‘sought to enrich herself.’
The 36-year-old was found guilty of wire fraud, five instances of unauthorised access to a secured computer, and causing damage to a protected device. However, the jury found her not guilty of access device fraud and aggravated identity theft.
“She wanted data, she wanted money, and she wanted to brag,” Assistant US Attorney Andrew Friedman said.
Prosecutors showed online chats and texts in which Thompson herself said that she used a tool she had built to scan Amazon Web Services accounts and identify misconfigured ones. She then used these accounts to hack and download the information of over 30 entities, including Capital One bank.
With some of the illegal accesses, Thompson planted cryptocurrency mining software on new servers, with the profit from the mining going straight to her account. She reportedly spent hours and hours improving her schemes and boasted about her illegal conduct to other people through online forums or text messages.
The intrusion into Capital One’s accounts affected well over 100 million customers in the country. The company also faced an $80 million fine and settled customer lawsuits for about $190 million.
Wire fraud is punishable by a maximum of 20 years in prison. Illegally accessing a protected computer and damaging such a device are punishable by a maximum of 5 years in prison. The final sentence is up to Judge Lasnik, who is set to consider the sentencing guidelines along with other statutory factors.