728 x 90

Capital One hacker mined cryptocurrency on cloud servers of more than 30 companies

Capital One hacker mined cryptocurrency on cloud servers of more than 30 companies

The DoJ continues to assert that there is no evidence that Thompson sold, exploited or shared purloined Capital One data Paige Thompson, the alleged hacker behind the Capital One compromise, used the hacked servers of more than 30 companies to mine cryptocurrency. That’s according to the freshly unsealed indictment, which alleges that Thompson “created scanning

Capital One hacker mined cryptocurrency on cloud servers of more than 30 companies

The DoJ continues to assert that there is no evidence that Thompson sold, exploited or shared purloined Capital One data

Paige Thompson, the alleged hacker behind the Capital One compromise, used the hacked servers of more than 30 companies to mine cryptocurrency.

That’s according to the freshly unsealed indictment, which alleges that Thompson “created scanning software that allowed her to identify customers of a cloud computing company who had misconfigured their firewalls”, enabling Thompson to access their backend servers.

The indictment alleges that Thompson not only downloaded data, but also used her access to those servers to mine cryptocurrency “for her own benefit”.

The Department of Justice hasn’t revealed all the 30+ organisations that Thompson cracked but indicated that the victims include a public-sector agency and a university in the US, and a telecoms “conglomerate” outside the US.

The indictment continues: “Law enforcement became aware of Thompson’s activity after she shared information with another user on the site GitHub relating to her theft of information from the servers storing Capital One data.

“On July 17, 2019, the GitHub user alerted Capital One to the possibility it had suffered a data theft. After determining on July 19, 2019, that there had been an intrusion into its data, Capital One contacted the FBI,” the Department of Justice revealed in a statement. “Investigators have found no evidence that Thompson sold or disseminated any of the information she accessed,” it added.

While Thompson downloaded sensitive customer information, the Department of Justice continues to assert that it has found no evidence that it was sold, exploited or shared more widely.

The Capital One security breach was publicly revealed in July. It exposed the personal information of 106 million Americans and Canadians. Thompson was arrested within days following a raid on her home.

Thompson was identified by a number of basic operational security mistakes that prosecutors claim definitively linked her with the Capital One compromise. 

Further reading

[ad_2]

Source link

Susan E. Lopez
ADMINISTRATOR
PROFILE

Posts Carousel

Leave a Comment

Your email address will not be published. Required fields are marked with *

Latest Posts

Top Authors

Most Commented

Featured Videos