DOJ filed seven new charges against alleged Capital One hacker – TechCrunch

The US Department of Justice (DOJ) has filed seven new charges against former Amazon Web Services Page Thompson ()AWS) Engineer blames Capital One Hacking Steals the personal data of over 100 million Americans.

New rates, including six computer crime control laws and one access device fraud, Court documents Obtained by, submitted earlier this month Record.. Previous indictments charged Thompson with 1 count each for wire fraud and computer crime and abuse. This means she faced five to five imprisonments and a fine of up to $ 250,000. As a result of the surcharge, Thompson is currently facing up to 20 years in prison.

The replaced indictment also increased the number of affected companies from the four listed in the 2019 indictment to eight. In addition to Capital One, US state agencies, US public research universities, and international telecommunications conglomerates, the list now includes data and threat protection companies, organizations that specialize in digital rights management. (DRM), Higher Education Learning Technology Provider, and Call Center Solutions Supplier. The company is unnamed, Security company Cyber ​​Int said earlier Vodafone, Ford, Michigan State University, and the Ohio Department of Transportation can all be victims of the breach.

Identified after using an “unstable” handle online and boasting of activity on GitHub, Thompson used the knowledge gained from his previous employment as a software engineer on Amazon to create a cloud computing company We continue to be blamed for creating programs that identify which customers. (The indictment does not name the company, Identified as Amazon Web Services) The firewall was not configured correctly. When the tool found a target misconfiguration, Thompson allegedly exploited it to extract privileged account credentials.

Earlier indictments alleged that when Thompson used the stolen credentials to access the victim’s cloud infrastructure, he accessed and downloaded the data to a server at his home in Seattle. It is unknown if the information was passed to a third party.

in the case of Capital One In a breach that the company confirmed in July 2019, the stolen data included name, address, phone number, date of birth, 140,000 social security numbers, 80,000 bank account numbers, and some credits. It contained 106 million credit card applications, including scores. And transaction data. Capital One, Replaced cybersecurity chief four months after the incident,was $ 80 million fine In August 2020, a security breach and the inability to keep user financial data secure.

Prosecutors also alleged that Thompson copied and stole data from a total of at least 30 entities using the same cloud provider, and in some cases used this access to use the victim’s cloud computing capabilities. Claims to have set up a cryptocurrency mining operation. A practice known as cryptojacking..

Thompson was acquitted and released in August 2019 on pretrial bonds. She was originally scheduled to be tried in November 2019, but the trial was postponed to March 2020 due to the vast amount of information the prosecution had to analyze.

The trial was then rescheduled for the pandemic in October 2020, then in June 2021, and then in October 2021. From now until March 14, 2022The prosecutor still states that more time is needed to analyze the data collected from Thompson’s devices. DOJ filed seven new charges against alleged Capital One hacker – TechCrunch

Back to top button