As per the latest report from the Department of Justice (DOJ), the woman who hacked Capital One bank used the cloud servers to mine cryptocurrencies.
Software engineer Paige Thompson was recently charged with the Capital One bank data breach in which the personal data of over a 100 million people was exposed. Not only has she been accused of the data breach, she reportedly used the stolen computing power for mining cryptocurrencies. She will be arraigned in U.S District Court in Seattle on Sept 5 and she may face up to 25 years in prison if found guilty.
How it Began
The report elaborates that she used a pseudonym on Slack and wrote;
“I’ll be employed again soon and if I had a partner I could have them take over my crypto-jacking enterprise and be a stay at home,”
It appears that she used another alias in late June for sharing a quick message that reads;
“For some reason [I] lost a whole fleet of miners all at the same time, so [I] think someone is onto me.”
Roughly after a month, Capital One data breach caught on headlines. It was reported that Capital One decided to store data in Amazon’s cloud unit, Amazon Web Services (AWS) and Paige Thompson, had been able to allegedly develop a software program that could scan and identify cloud customers who had configured their firewalls incorrectly. The faulty configuration of the firewalls apparently left their systems exposed to external attacks. Thompson allegedly exploited the vulnerability and took control over those systems by sending remote commands to servers.
Leaked Data Includes 140,000 Social Security Numbers
The Capital One data breach exposed the customers’ data including about 140,000 Social Security numbers and 80,000 linked bank account numbers.
Her involvement in crypto-jacking was exposed on July 29, the court document do not include other details such as the amount she earned through crypto mining and for how long she ran these servers for cryptojacking.
Besides Capital One, the DOJ mentioned other victims of the hack include a public research university, a telecommunications conglomerate located outside the US and a state agency outside the state of Washington.
The court’s indictment is only an accusation as for now, she is yet to plead guilty for the alleged data breach.