Capital One hacker under investigation for 30 more AWS data breaches

Posted in General Discussion, edited August 2019
The Seattle hacker behind the major Capital One hack may have stolen data from many other organizations, with authorities claiming that data was taken from over 30 companies and entities in other thefts from Amazon Web Services.


At the end of July hacker Paige Thompson was arrested and charged for obtaining 140,000 Social Security numbers, one million Canadian Social Insurance Numbers, and 80,000 bank account numbers, along with the personal information of more than 100 million customers and applicants of Capital One. In new court filings, it appears Thompson performed a lot more attacks alongside that of Capital One.

According to a filing with the U.S. District Court for the Western District of Washington at Seattle, the US government said it was in support of a motion for detention of Thompson. As part of its recommendation, it notes Thompson was involved in "major cyber intrusions that resulted in the theft of massive amounts of data from what now appears to be more than 30 victim companies."

An examination of servers seized from Thompson's bedroom during a search of her residence relating to the Capital One hack found "multiple terabytes of data stored by Thompson from more than 30 other companies, educational institutions, and other entities." The data varies in both type and amount, though the filing highlights "much of the data appears not to be data containing personal identifying information."

The government is working to identify specific entities from whom the data was stolen, as well as the types of data acquired in each case, with a view to adding charges against Thompson for each theft of data.

Thompson told the government she has neither sold nor shared the data with anyone, and that the copy of the data recovered from the server is the only version she created, though it is too early to determine if this is true.

While Thompson, who goes by the pseudonym "erratic," was previously a software engineer for Amazon Web Services, and Capital One used AWS for hosting, it is not mentioned whether the other victims are also clients of Amazon for the cloud storage service.

The government agrees with the U.S. Probation and Pretrial Services Office recommendation that Thompson remain detained, citing a "long history of threatening behavior that includes repeated threats to kill others, to kill herself, and to commit suicide by cop," along with multiple calls to law enforcement prompted by the threats, and the filing of a protection order against Thompson.

It is also pointed out Thompson has been unemployed since 2016 and has no employment prospects if released. She also doesn't have an immediate home to go to, as her housemates told officials Thompson "is not welcome back at her residence."

The discovery of "an arsenal of weapons, ammunition, and explosive material, largely unsecured and accessible" to Thompson, owned by one of her housemates, was also cited as a reason for detention, given the earlier threats.

"Thompson's crime in this case only exacerbates the harm that Thompson has done, and the threat she would pose if released," the U.S. government advises. "As a result, the Court should order Thompson detained, both as a danger to the community, and as a risk of non-appearance."

The Capital One hack is already a costly endeavor for the company, which has been notifying victims and offering free credit monitoring and identity protection, which will cost between $100 million and $150 million along with other tech and legal issues. After the revelation, the company's stock price also dropped approximately 10%, "erasing billions of dollars from the company's market capitalization."

Breaches are now a semi-regular occurrence for firms, with attacks evolving over time with the discovery of new vulnerabilities that need to be rectified in a timely fashion. Apple has largely remained immune to such issues, though there have been some small issues, such as supposed Israeli spyware that claims to be able to access iCloud-hosted data via a user's iPhone, as well as incidents similar to "Celebgate."

Apple uses Amazon's web services for some aspects of its iCloud service. It isn't clear which other companies are involved at this point.

Comments

  • Reply 1 of 17
    StrangeDays Posts: 12,834 member
    Hey remember when there was moral outrage that Apple used Amazon cloud storage, and actually encrypted it? It wasn’t stolen or hacked, just merely being on Amazon caused the outrage. 
  • Reply 2 of 17
    mwhite Posts: 287 member
    I think prison for the rest of her life is just about right......
  • Reply 3 of 17
    mjtomlin Posts: 2,673 member
    Hey remember when there was moral outrage that Apple used Amazon cloud storage, and actually encrypted it? It wasn’t stolen or hacked, just merely being on Amazon caused the outrage. 

    When most come across a subject they do not understand they prefer to remain ignorant rather than educate themselves in order to understand the situation. And even when they “try”, they mainly only look for sources that reinforce their “beliefs” rather than attempt to develop an opinion based on fact... After all, who likes to be wrong? And you’re never wrong if you only listen to people that tell you you’re right.

    This was obviously a case of an “insider” hacking into a system she was familiar with. The responsibility of the security should rightly fall on Amazon’s shoulders, but privacy issues are on the company that stored their data on those servers. Let’s just hope that most of the companies whose data was stolen encrypted their data.
    edited August 2019
  • Reply 4 of 17
    What a worthless human being. His mental instability led to him compromising a third of the population in the U.S. No excuses for what he's done.
  • Reply 5 of 17
    badmonk Posts: 1,285 member
    She is not right & what is the story with her roommates???
  • Reply 6 of 17
    What a worthless human being. His mental instability led to him compromising a third of the population in the U.S. No excuses for what he's done.
    Who's he?  The hacker, Paige Thompson, is a woman.  The story is littered with references to "she".  Terrible person. Yes.  Mentally unstable. Yes.  Dude. No.

    Tangent: her handle, "erratic", is so on the nose that it almost seems scripted from one of those bad straight-to-DVD Russian techno thrillers Netflix is fond of these days.
  • Reply 7 of 17
    gutengel Posts: 363 member
    I think that this "hacker" just had some stolen admin logins and just used them.
  • Reply 8 of 17
    eightzero Posts: 3,056 member
    gutengel said:
    I think that this "hacker" just had some stolen admin logins and just used them.
    I'm not sure how to differentiate a "hacker" from a thief. Is the term "hacker" some sort of badge of honor amongst computer professionals? If an individual carries away your property with the intent to deprive you of it permanently (i.e. commit the crime of larceny) have you been "hacked?" Why don't police charge such people with "hacking?"
  • Reply 9 of 17
    The part about her housemate having "an arsenal of weapons, ammunition, and explosive material, largely unsecured and accessible" seems as troublesome if not more so. 
  • Reply 10 of 17
    eightzero said:
    gutengel said:
    I think that this "hacker" just had some stolen admin logins and just used them.
    I'm not sure how to differentiate a "hacker" from a thief. Is the term "hacker" some sort of badge of honor amongst computer professionals? If an individual carries away your property with the intent to deprive you of it permanently (i.e. commit the crime of larceny) have you been "hacked?" Why don't police charge such people with "hacking?"

    I guess "White Hat hacker" is a badge of honour since those hackers generally fall under the purview of "ethical hacking". Grey Hat hackers are really a grey area, but Black Hat hackers would be, as you say, thieves.
  • Reply 11 of 17
    eightzero said:
    gutengel said:
    I think that this "hacker" just had some stolen admin logins and just used them.
    I'm not sure how to differentiate a "hacker" from a thief. Is the term "hacker" some sort of badge of honor amongst computer professionals? If an individual carries away your property with the intent to deprive you of it permanently (i.e. commit the crime of larceny) have you been "hacked?" Why don't police charge such people with "hacking?"
    "Hacker" originated as a term of respect, signifying someone who could quickly adapt to a system or problem and implement a change that gave a quick solution with minimal bad side effects. In a lot of ways the term "cowboy" is similar - the positive connotations of someone who works quickly and effectively in a messy situation, and the negative connotations of someone who rejects authority and enforced teamwork.

    Within the industry (back in the mists of time) anyone who broke into systems was called a "cracker" (the term was an adaptation of "safe-cracker") and such people were almost always skilled hackers anyway. Outside the computer world, the distinction between the terms was largely ignored and people used "hacker" because it was the newer word.
    edited August 2019
  • Reply 12 of 17
    urahara Posts: 733 member
    What a worthless human being. His mental instability led to him compromising a third of the population in the U.S. No excuses for what he's done.
    Read the dann article before commenting on it!
  • Reply 13 of 17
    GeorgeBMac Posts: 11,421 member
    This is the second time it has come out that AWS servers were (likely) hacked while Apple stored OUR data on them.

    # E N O U G H !


    Tim's denials carry no more weight than the CEO of any other company that saved money while putting their customer's data at risk.  

    ....  Now I'm waiting for the fools to come out proclaiming:  "But it's fool proof!   It CAN'T be broken -- EVER!"   ...   ROFL....
  • Reply 14 of 17
    Wgkrueger said:
    The part about her housemate having "an arsenal of weapons, ammunition, and explosive material, largely unsecured and accessible" seems as troublesome if not more so. 
    So, weapons unused are more troublesome than actual stolen data.
  • Reply 15 of 17
    GeorgeBMac Posts: 11,421 member
    Wgkrueger said:
    The part about her housemate having "an arsenal of weapons, ammunition, and explosive material, largely unsecured and accessible" seems as troublesome if not more so. 
    So, weapons unused are more troublesome than actual stolen data.
    No, you missed the point:   She was unstable and prone to violence -- and those weapons provided a ready means for yet another massacre.   They couldn't take the weapons, so they took her out of the situation.
  • Reply 16 of 17
    GeorgeBMac Posts: 11,421 member
    Wgkrueger said:
    The part about her housemate having "an arsenal of weapons, ammunition, and explosive material, largely unsecured and accessible" seems as troublesome if not more so. 
    So, weapons unused are more troublesome than actual stolen data.
    No, not at all....   She was known to be unstable and prone to violence -- and those weapons provided a ready means of yet another massacre.   Authorities could not take the weapons, so they took her out of that situation.
  • Reply 17 of 17
    NOT A HACKER! He/She/It merely scanned AWS / S3 instances until insecure hosts were found then He/She/It downloaded data and bragged about it. Likely ran a rather simple Python script using some inside information about AWS / S3 learned while being employed briefly by Amazon. He/She/It is also mentally ill in a big way.

    The big crime is those companies like Capital One and the 30 others who did not secure their Cloud infrastructure properly.  