Alleged Capital One hacker Paige Thompson to be released before trial

Paige Thompson will be free to move throughout the Seattle area before her case goes to trial. The accused Capital One hacker is scheduled to be released from jail Tuesday after a judge determined the 33-year-old defendant does not pose enough of a threat to the community to warrant her incarceration. Thompson, who is transgender, was arrested in July for allegedly hacking Capital One to access information about 106 million people, and has been held in a men’s detention center in Seattle in the months since. U.S. District Judge Robert Lasnik previously told attorneys he was “very concerned” about whether Thompson would receive adequate mental health treatment from the Bureau of Prisons, citing previous cases in which trans inmates have resorted to self-harm behind bars. The former Amazon Web Services software engineer is charged with computer fraud and abuse and wire fraud in connection with a breach at Capital One. Prosecutors say […]

The post Alleged Capital One hacker Paige Thompson to be released before trial appeared first on CyberScoop.

Sens. Warren, Wyden want to know if Amazon shares some blame for the Capital One breach

Sens. Elizabeth Warren and Ron Wyden are asking federal regulators to investigate whether Amazon’s cloud computing unit made any mistakes that could have led to a breach at Capital One involving the data of more than 100 million people. Warren, D-Mass., and Wyden, D-Ore., want the Federal Trade Commission to probe whether Amazon Web Services failed to account for a hacking technique known as a “server side request forgery.” Capital One is one of the few major financial companies — if not the only one — to rely on AWS and its public cloud to protect its information, portraying the decision as a move to modernize its business. “Amazon knew, or should have known, that AWS was vulnerable to SSRF attacks,” the senators wrote in the letter, sent Thursday. “Although Amazon’s competitors addressed the threat of SSRF attacks several years ago, Amazon continues to sell defective cloud computing services to business, government agencies and to the general […]

The post Sens. Warren, Wyden want to know if Amazon shares some blame for the Capital One breach appeared first on CyberScoop.

Accused Capital One hacker had as much as 30 terabytes of stolen data, feds say

Investigators probing the Capital One data breach say they have between 20 and 30 terabytes of data in their possession as they prepare for trial against the alleged hacker, Paige Thompson, according to court documents obtained by CyberScoop. The government now is parsing through millions of individual files, prosecutors said, as well as a spreadsheet agents say they found recently on Thompson’s computer, which contains aggregated information apparently stolen from Capital One. “[B]asically, each line is one credit card applicant and information about that person,” Assistant U.S. Attorney Andrew Friedman told a federal court during a detention hearing Oct. 4. “Some of it is coded information that means nothing to us, like what particular offer they received; some of it … is the names and dates of birth and the last four digits of Social Security numbers and things like that. … It’s hard to know exactly what this is.” Friedman […]

The post Accused Capital One hacker had as much as 30 terabytes of stolen data, feds say appeared first on CyberScoop.

Accused Capital One hacker pleads not guilty to all charges

Paige Thompson has pleaded not guilty to all charges in connection with a data breach at Capital One that resulted in the compromise of information about roughly 106 million people. Thompson appeared in Western District of Washington federal court on Thursday for the first time after she was arrested on July 29 on charges related to the Capital One hack. A federal grand jury previously had indicted Thompson on two criminal counts, wire fraud and computer fraud and abuse, for which she could be sentenced to up to 25 years in prison if convicted. Upon being advised of her charges and pleading not guilty Thursday, Thompson was taken back into custody. A jury trial is scheduled to begin Nov. 4. Thompson, a software engineer, formerly worked for AWS, the cloud computing giant on which Capital One relies to store sensitive data. She allegedly built a customer scanning software that searched […]

The post Accused Capital One hacker pleads not guilty to all charges appeared first on CyberScoop.

Capital One cryptojacking suspect indicted

The former software engineer allegedly created scanners to look for misconfigured servers rented from a cloud computing company.

Capital One Hacker Also Accused of Hacking 30 More Companies and CryptoJacking

Former Amazon employee Paige Thompson, who was arrested last month in relation to the Capital One data breach, has been accused of hacking not only the U.S. credit card issuer, but also more than 30 other companies.

An indictment unsealed on Wednesday…

Indictment of Capital One suspect alleges breaches of 30 companies, cryptojacking

A federal grand jury indicted Paige Thompson, the accused Capital One hacker, in connection with allegations that she accessed data on more than 30 companies and used that illicit access to generate cryptocurrency, the Department of Justice said Wednesday. Thompson was arrested on July 29 on suspicion of hacking into the bank’s systems and accessing data on roughly 106 million people. The indictment this week reiterates many of the allegations laid out in last month’s FBI complaint against Thompson, adding accusations that she obtained sensitive data from companies outside Capital One, including an unnamed university and a telecommunications firm. Federal attorneys from the Western District of Washington also say Thompson, upon breaching victim organizations, leveraged their computing power to mine for cryptocurrency, an activity known as cryptojacking. Thompson, 33, is a Seattle-based software engineer who formerly worked for Amazon Web Services, the cloud computing giant on which Capital One relies to […]

The post Indictment of Capital One suspect alleges breaches of 30 companies, cryptojacking appeared first on CyberScoop.

Amazon Web Services finds no ‘significant issues’ at other companies allegedly breached by Paige Thompson

If the alleged Capital One hacker also took information from dozens of other companies, as investigators suspect, then Amazon Web Services isn’t aware of it, according to the cloud computing giant. The company outlined its findings in a letter to Sen. Ron Wyden, D-Ore., who had sought more detail on how a reported misconfiguration in Capital One’s AWS server would have made it possible for a single individual to steal information about more than 100 million people. The letter said AWS is not aware of any breaches at other “noteworthy” customers, cautioning that there “may have been small numbers of these that haven’t been escalated to us.” This follows court filings indicating government investigators are probing whether the accused hacker, Paige Thompson, also took data from more than 30 other companies, along with Capital One. Wyden asked whether any vulnerabilities in the AWS cloud service — which serves millions of customers – contributed to the […]

The post Amazon Web Services finds no ‘significant issues’ at other companies allegedly breached by Paige Thompson appeared first on CyberScoop.

Alleged Capital One hacker may have taken data from dozens of companies, feds say

The person allegedly behind the recent Capital One hack may have siphoned data from more than 30 other companies, according to federal court filings made public Wednesday. In a motion for detention filed in the Western District of Washington state, the U.S. government said investigators found that Paige Thompson took data from multiple companies, and not just the Virginia-based bank. The revelation was part of the evidence used to argue that Thompson must be detained before trial, or else pose a danger to the community and a risk of skipping out on further court dates. Thompson, who is currently in federal custody in Washington state, has been charged with stealing data on 106 million Capital One customers after taking advantage of a misconfigured firewall in the bank’s cloud computing system. According to the latest filing, the government has allegedly found terabytes of additional data Thompson took from more than 30 “companies, educational institutions, and […]

The post Alleged Capital One hacker may have taken data from dozens of companies, feds say appeared first on CyberScoop.

What Capital One’s cybersecurity team did (and did not) get right

There was no months-old, unpatched Apache flaw. An S3 bucket wasn’t publicly accessible to anyone with an internet connection. There was no effort to hide what happened behind the company’s bug bounty program. When taken at face value, the Capital One breach looks awfully similar to other massive security failures that have made national news in the past few years. But while people fixate on the amount of information taken, there are some in cybersecurity circles who see a silver lining in the way the bank has handled the incident. Multiple security experts told CyberScoop that while the incident is clearly severe and there are still questions that need to be answered, actions taken by the Virginia-based bank — which did not respond to CyberScoop’s request for comment — prevented this breach from becoming another example of extreme corporate cybersecurity negligence. “While it’s tempting to knock Capital One for this […]

The post What Capital One’s cybersecurity team did (and did not) get right appeared first on CyberScoop.
