Previous Amazon representative indicted north of 2019 Capital One hack

A previous Amazon Web Services (AWS) engineer has been viewed as at fault for hacking into clients’ distributed storage frameworks and taking information connected to the huge 2019 Capital One break. A US District Court in Seattle sentenced Paige Thompson to seven counts of PC and wire extortion on Friday, wrongdoing deserving as long as 20 years in jail.

Thompson, who additionally went by the name “Flighty” on the web, was captured for doing the Capital One hack in July 2019. The break was one of the biggest at any point recorded, uncovering the names, birth dates, federal retirement aide numbers, email locations, and telephone quantities of the north of 100 million individuals in the US and Canada. Capital One has since been fined $80 million for purportedly neglecting to get clients’ information and settled with impacted clients for $190 million.

A public statement from the Department of Justice (DOJ) states Thompson fostered an instrument that checked AWS for misconfigured records and afterward utilized these records to get close enough to the frameworks of Capital One and many other AWS clients. Examiners additionally say Thompson “commandeered” organizations’ servers to introduce digital currency mining programming that would move any income to her crypto wallet. She then, at that point “gloated” about her misdeeds in web-based gatherings and over instant messages.

At that point, there was some discussion concerning whether Thompson was a moral programmer or security specialist because of her strange genuineness about her job in the Capital One assault on the web — she posted clients’ touchy information on a public GitHub page and shared the subtleties of the break on Twitter and Slack. Recently, the Justice Department clarified that it wouldn’t arraign security specialists under the Computer Fraud and Abuse Act. Be that as it may, US investigators weren’t persuaded Thompson’s activities fell under this exemption.

“A long way from being a moral programmer attempting to assist organizations with their PC security, she took advantage of missteps to take important information and tried to enhance herself,” US lawyer Nick Brown said in a proclamation. Thompson’s condemning hearing will happen on September fifteenth, 2022.