Ex-AWS employee behind Capital One hack also infiltrated its cloud servers to mine crypto

Court documents have revealed more details about the alleged hacker’s extensive operation

The former Amazon Web Services employee who allegedly hacked Capital One bank in July has been accused of breaching the bank’s cloud servers to mine cryptocurrency.

Paige Thompson – who goes by the moniker “erratic” – was indicted yesterday for stealing data from Capital One and 30 other entities, and has been charged with wire fraud, and computer fraud and abuse, according to Seattle court documents.

Thompson is accused of exploiting AWS customers’ misconfigured cloud servers in order to obtain credentials and seize customer data. Thompson identified misconfigured servers with a network scanner, then sent those servers specific commands that obtained AWS account credentials.

While this part of the ex-AWS employee’s exploits was known, the court documents have revealed another side to Thompson’s operation, accusing her of cryptojacking – using server access to install crypto miners that use compute to “mine” cryptocurrency.

The court documents do not reveal how successful Thompson was or for how long they were using server power for cryptojacking, although on Slack they boasted of operating a ‘crypto-jacking enterprise’.

“I’ll be employed again soon and if I had a partner I could have them take over my crypto-jacking enterprise and be a stay at home,” they said under a pseudonym.

Under another alias, one month before they were apprehended, Thompson wrote: “For some reason [I] lost a whole fleet of miners all at the same time, so [I] think someone is onto me.”

It is also unclear from the documents how many records Thompson seized from the 30 other still-unnamed entities they hacked. Thompson is known to have stolen the personal data of 100,000,000 Capital One customers who had applied for credit cards from the bank.

One entity labelled “Victim 1” in the court documents is a telecommunications conglomerate located outside of the US that serves customers in Europe, Asia, Africa and Oceania.

Thompson remains in custody and will appear in court on September 5. If found guilty, they will face a maximum sentence of 25 years’ imprisonment.

 
