A Seattle jury has discovered Paige Thompson, a former Amazon software program engineer accused of stealing information from Capital One in 2019, responsible of wire fraud and 5 counts of unauthorized entry to a protected laptop. The Capital One hack was one of many greatest safety breaches within the US and compromised the info of 100 million individuals within the nation, together with 6 million individuals in Canada. Thompson was arrested in July that 12 months after a GitHub consumer noticed her put up on the web site sharing details about stealing information from servers storing Capital One info.
According to the Department of Justice, Thompson used a software she constructed herself to scan Amazon Web Services for misconfigured accounts. She then allegedly used these accounts to infiltrate Capital One’s servers and obtain over 100 million individuals’s information. The jury has determined that Thompson violated the Computer Fraud and Abuse Act by doing so, however her attorneys argued that she used the identical instruments and technique additionally utilized by moral hackers.
The Justice Department just lately amended the Computer Fraud and Abuse Act to guard moral or white hat hackers. As lengthy as researchers are investigating or fixing vulnerabilities in “good religion” and are not utilizing the safety holes they uncover for extortion or different malicious functions, they’ll not be charged below the legislation.
US authorities, nevertheless, disagreed with the assertion that she was solely attempting to show Capital One’s vulnerabilities. The Justice Department stated she planted cryptocurrency mining software program onto the financial institution’s servers and despatched the earnings straight to her digital pockets. She additionally allegedly bragged in regards to the hack on on-line boards.
“Far from being an moral hacker attempting to assist firms with their laptop safety, she exploited errors to steal priceless information and sought to counterpoint herself,” US Attorney Nick Brown stated. Thompson could possibly be sentenced with as much as 20 years of jail time for wire fraud and as much as 5 years for every cost of illegally accessing a protected laptop. Her sentencing listening to is scheduled for September fifteenth.