Paige Thompson, a transgender woman, suspected to be the hacker behind the Capital One hack and attacks on 30 other organizations has been indicted on wire fraud and computer fraud.
In July, Capital One, one of the largest U.S. –card issuer and financial corporation suffered a data breachthat exposed personal information from 106 million Capital One credit applications.
Paige Thompson, a former Seattle technology company software engineer that goes online with the handle “erratic,” breached the systems at Capital One and gained access to the huge trove of personal information. Law enforcement identified and arrested the hacker.
Now the Department of Justice announced that Thompson has been indicted by a federal grand jury and will be arraigned on September 5 in the U.S. District Court in Seattle.
“A former Seattle technology company software engineer was indicted today by a federal grand jury on two counts related to her unauthorized intrusion into stored data of more than 30 different companies, announced U.S. Attorney Brian T. Moran.” reads the press release published by DoJ. “PAIGE A. THOMPSON a/k/a erratic, 33, will be arraigned on the indictment in U.S. District Court in Seattle on September 5, 2019. THOMPSON remains in custody.”
The indictment explicitly names only Capital One as one of the THOMPSON‘s victims, but it also reports other three victims of the hacker that have been referred as a state agency outside the State of Washington; a telecommunications conglomerate outside the United States; and a public research university outside the State of Washington.
All the victims used the same Cloud Computing Company, even if it was not specifically mentioned they used the services of Amazon Web Services (AWS).
According to the indictment, Paige THOMPSON created a scanning software that used to identify AWS customers who had misconfigured their firewalls, then the hacker accessed their servers to steal data, and to “mine”
“According to the indictment, THOMPSON created scanning software that allowed her to identify customers of a cloud computing company who had misconfigured their firewalls, allowing outside commands to penetrate and access their servers. THOMPSON used this access not only to steal data, but also used stolen computer power to “mine”
Prosecutors have found no evidence that Thompson sold or leaked online the stolen data.
Thompson faces up to 25 years in prison due to the charges in the indictment. Last week, a U.S.
(SecurityAffairs – Capital One, hacking)