Tag Archive for: convicted

Capital One Hacker Convicted of 7 Federal Crimes

/in


A former Amazon engineer has been convicted of seven federal crimes after she was caught stealing the personal data of over 100 million people.

Following a seven-day trial and 10-hour deliberation by the jury, 36-year-old Paige A. Thompson was convicted on Friday(Opens in a new window) in the US District Court in Seattle of seven federal crimes including wire fraud, five counts of unauthorized access to a protected computer, and damaging a protected computer.

“Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency,” said US Attorney Nick Brown. “Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself.”

Thompson was arrested in July 2019 when Capital One alerted the FBI to a hacking incident. After having previously worked as an engineer at Amazon, Thompson wrote a tool that scanned Amazon Web Services (AWS) accounts for misconfigurations.

She discovered more than 30, one of which was Capital One’s account, and proceeded to steal personal data stored in the accounts as well as installing cryptocurrency mining software for her own personal gain. The hacking netted Thompson the personal data over 100 million US Capital One customers, which she then bragged about via text and online forums.

Recommended by Our Editors

In his closing arguments at the trial, Assistant United States Attorney Andrew Friedman said, “She wanted data, she wanted money, and she wanted to brag.” Now she’ll get to brag about her actions in prison.

Sentencing for Thompson is scheduled to happen on Sept. 15, and according to CNBC(Opens in a new window), wire fraud carries up to 20 years in prison, where as each of the other charges carry up to five years each.

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

Source…

Former Amazon employee convicted of stealing data from more than 100M people – WPXI

/in


Former Amazon employee convicted of stealing data from more than 100M people (NCD)

SEATTLE — A former Amazon Web Services engineer was found guilty Friday of stealing data from more than 100 million people when she hacked Capital One three years ago.

Paige Thompson, who worked for the software giant until 2016, was convicted Friday of seven federal crimes, including wire fraud, illegally accessing a protected computer and damaging a protected computer, CNBC reported.

>> Read more trending news

While the wire fraud conviction carries up to 20 years in prison, the two lessor charges are each punishable by as many as five years in prison.

According to a news release issued by the U.S. Attorney’s Office’s western district of Washington, the jury found Thompson not guilty of aggravated identity theft and access device fraud. The panel deliberated for 10 hours.

Prosecutors argued at trial that Thompson created a tool to search for misconfigured AWS accounts, allowing her to hack into accounts from more than 30 Amazon clients, including Capital One. In addition to mining the data she found in the compromised accounts, Thompson was also accused of using her access to some of the retail behemoth’s servers to mine cryptocurrency for her personal benefit, CNBC reported.

“She wanted data, she wanted money, and she wanted to brag,” Assistant U.S. Attorney Andrew Friedman said of Thompson during his closing arguments, the network reported.

According to The Verge, Thompson’s breach, one of the largest on record, exposed the names, birth dates, social security numbers, email addresses and phone numbers of more than 100 million U.S. and Canadian residents.

Capital One has since been fined $80 million in regulatory fines for allegedly failing to secure users’ data and settled with affected customers for $190 million, the technology news outlet reported.

“Far from being an ethical hacker trying to help companies with their computer security, (Thompson) exploited mistakes to steal valuable data and sought to enrich herself,” U.S. Attorney Nick Brown stated in the news release confirming her conviction.

Thompson is slated to be sentenced Sept. 15.

©2022 Cox Media Group

Source…

Former Amazon employee convicted of stealing data from more than 100M people – KIRO 7 News Seattle

/in


SEATTLE — A former Amazon Web Services engineer was found guilty Friday of stealing data from more than 100 million people when she hacked Capital One three years ago.

Paige Thompson, who worked for the software giant until 2016, was convicted Friday of seven federal crimes, including wire fraud, illegally accessing a protected computer and damaging a protected computer, CNBC reported.

>> Read more trending news

While the wire fraud conviction carries up to 20 years in prison, the two lessor charges are each punishable by as many as five years in prison.

According to a news release issued by the U.S. Attorney’s Office’s western district of Washington, the jury found Thompson not guilty of aggravated identity theft and access device fraud. The panel deliberated for 10 hours.

Prosecutors argued at trial that Thompson created a tool to search for misconfigured AWS accounts, allowing her to hack into accounts from more than 30 Amazon clients, including Capital One. In addition to mining the data she found in the compromised accounts, Thompson was also accused of using her access to some of the retail behemoth’s servers to mine cryptocurrency for her personal benefit, CNBC reported.

“She wanted data, she wanted money, and she wanted to brag,” Assistant U.S. Attorney Andrew Friedman said of Thompson during his closing arguments, the network reported.

According to The Verge, Thompson’s breach, one of the largest on record, exposed the names, birth dates, social security numbers, email addresses and phone numbers of more than 100 million U.S. and Canadian residents.

Capital One has since been fined $80 million in regulatory fines for allegedly failing to secure users’ data and settled with affected customers for $190 million, the technology news outlet reported.

“Far from being an ethical hacker trying to help companies with their computer security, (Thompson) exploited mistakes to steal valuable data and sought to enrich herself,” U.S. Attorney Nick Brown stated in the news release confirming her conviction.

Thompson is slated to be sentenced Sept. 15.

©2022 Cox Media Group

Source…

Woman convicted in massive Capitol One hack – The Morning Call

/in


A federal jury on Friday convicted a former Seattle tech worker of several charges related to a massive hack of Capital One bank and other companies in 2019.

Paige Thompson, 36, a former Amazon software engineer who used the online handle “erratic,” obtained the personal information of more than 100 million people — a data breach that prompted Capital One to reach a tentative $190 million settlement with affected customers. The Treasury Department also fined the company $80 million for failing to protect the data.

Following a seven-day trial, the Seattle jury found her guilty of wire fraud, unauthorized access to a protected computer and damaging a protected computer. The jury acquitted her of other charges, including access device fraud and aggravated identity theft.

Thompson’s attorneys argued that she struggled with mental health issues, never intended to profit from the data she obtained, and said in court papers “there is no credible or direct evidence that a single person’s identity was misused.”

Federal prosecutors said she didn’t just steal the data, but also planted software on servers she unlawfully accessed to steal computing power to mine cryptocurrency.

Last Call

Last Call

Daily

Get top headlines from The Morning Call delivered weekday afternoons.

“Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself,” Seattle U.S. Attorney Nick Brown said in a news release.

Wire fraud is punishable by up to 20 years in prison, while the other charges can bring a five-year maximum. U.S. District Judge Robert Lasnik is scheduled to sentence Thompson in September.

In interviews with The Associated Press following her arrest, friends and associates described Thompson as a skilled programmer and software architect whose career and behavior — oversharing in chat groups, frequent profanity, expressions of gender-identity distress and emotional ups and downs — mirrored her online handle.

At one point, two former roommates obtained a protection order against her, saying she had been stalking and harassing them.

Thompson joined Amazon in 2015 to work at Amazon Web Services, a…

Source…