A former Amazon software engineer accused of breaching Capital One’s data servers as indicated by a Federal grand jury, reveals instances of crypto-jacking at the heart of her scheme.
Paige Thompson accessed at least a total of 30 institutions’ servers between March and July 2019 which is being managed by an unnamed cloud computing company, compromising at least 100 million customer accounts. This information is according to a release published Wednesday.
With no indication, Thompson actually tried to sell this information, she did use stolen computing power to mine cryptocurrencies.
To gain access to rented cloud servers, Thompson scanned and misconfigured vulnerable web firewalls. She then duplicated sensitive “huge data” to her own server kept at home, and then using the anonymizing TOR browser, her tracks will be properly covered. According to the indictment.
According to the prosecuting attorneys Steven Masada and Andrew Friedman,
“The aim was also to gain access to the customers’ servers in other ways for her own benefit, as well as using those servers for cryptojacking,”
Over Slack and Twitter DMs, Thompson expressed more about her fraudulent activities online. At a time under an alleged pseudonym, she posted messages referring to crypto jacking over a Slack channel.
“If I had a partner I could have them take over my cryptojacking enterprise as i will be employed soon and be a stay at home,” the message reads, according to a report by Forbes staffer Thomas Brewster.
“I think someone is onto me because for some reasons i lost a whole fleet of miners all at the same time.” Another Slack message reads.
Thompson exposed some of her activities after she shared information on GitHub relating to her theft of information from Capital One’s rented servers.
Three unnamed victims including a state agency, a public research university and a telecommunications conglomerate outside the U.S. were the indictment cited as well.
If found guilty of the charges which includes two counts of wire fraud and computer fraud. she will not excape 25 years imprisonment.
Additionally, her ill-gotten gains, or equivalent assets if inaccessible or untraceable has to be forfeited.
Credits: Daniel KuhnJOIN OUR COMMUNITY