The 36-year-old Seattle tech worker behind the notorious 2019 Capital One data breach has been convicted on seven counts related to the data theft — which are punishable by up to 20 years in prison.
In the incident, Paige Thompson, who operated under the hacker handle "erratic," made off with more than 100 million credit applications that were held in a misconfigured Amazon Web Services storage bucket in the cloud. She was arrested shortly thereafter, after the banking giant traced the malicious activity back to her and alerted the FBI.
"Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency," said US Attorney Nick Brown, in a statement. "Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself."
Prosecutors noted that Thompson specifically used a scanner to look for AWS misconfigurations, in which databases are left open to the Internet without authentication required for access. In all, she managed to infiltrate the databases of 30 entities, including Capital One — stealing data and in some cases planting cryptocurrency miners.
According to a Department of Justice statement, Thompson "spent hundreds of hours advancing her scheme, and bragged about her illegal conduct to others via text or online forums."
After a seven-day trial and 10 hours of deliberation, a jury in US District Court in Seattle found Thompson guilty of wire fraud, five counts of unauthorized access to a protected computer, and damaging a protected computer. The jury found her not guilty of access-device fraud and aggravated identity theft.
Thompson is scheduled for sentencing by US District Judge Robert S. Lasnik on Sept. 15.
"She wanted data, she wanted money, and she wanted to brag," Assistant US Attorney Andrew Friedman said in closing arguments.
"We are pleased with the outcome of the trial and remain grateful for the tireless work of the US Attorney's Office in Seattle and the FBI's Seattle Field Office in prosecuting this important case," Capital One said in a media statement.
Cloud Misconfigurations Remain Rampant
While Thompson was bent on malicious activity, the incident also brought cloud-security responsibility and the issue of misconfigurations to the fore. Capital One was found to be negligent for leaving sensitive financial data open to the public, resulting in an $80 million fine. It also settled customer lawsuits for $190 million — not a cheap outcome.
"The Capital One breach really put cloud security at the forefront of many enterprises," says John Bambenek, principal threat hunter at Netenrich. "Prior to that, there was a misconception that the cloud companies would handle security and that default settings were 'secure enough.' The reality is, the shared-security model requires users to make sure that their cloud environments are secure and that data doesn't accidentally leak."
In its recent report on cloud misconfigurations, security firm Rapid7 noted that breaches stemming from cloud misconfigurations continue to happen with "distressing frequency."
"First and foremost, you should now be keenly aware that there are folks actively seeking out cloud service misconfigurations every day," researchers warned in the report. "Given the right tooling, it's almost trivial for any moderately clever individual to hunt for these cracks in the cloud at scale, and they don't even have to be targeting your organization specifically to come across that accidental misconfiguration which ends up exposing sensitive data in your care."
For instance, earlier this month researchers from Secureworks Counter Threat Unit (CTU) found that cyberattackers are targeting misconfigured Elasticsearch cloud buckets for extortion purposes. After finding data exposed on the public Internet, the attackers then steal the wide-open data and replace it with a ransom note. At the time, nearly 1,200 instances had been affected.
Thus, enterprises should dedicate resources to cloud security, including planning for secure and resilient configurations and automated processes to monitor for errors and oversights, researchers noted.
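The kind of automated check the researchers describe can be kept very small. The following Python is an added illustration, not code from Capital One, Rapid7 or any tool named in this article: it evaluates an S3 bucket policy document and the bucket's Public Access Block settings and reports whether the combination leaves the bucket readable by anyone on the Internet. The bucket name, account ID, role name and both policy documents are constructed for the example; in a real monitoring job the inputs would come from the `get_bucket_policy` and `get_public_access_block` S3 API calls, which this offline version does not make.

```python
import json

# The four S3 Public Access Block flags a hardened bucket should have enabled.
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def is_anonymous_principal(principal):
    """True if a policy Principal grants access to anyone ('*' or {'AWS': '*'})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        if aws == "*":
            return True
        if isinstance(aws, list) and "*" in aws:
            return True
    return False


def public_statements(policy_doc):
    """Return the Allow statements with an anonymous principal in a bucket policy (JSON text or dict)."""
    policy = json.loads(policy_doc) if isinstance(policy_doc, str) else policy_doc
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may appear without the surrounding list
        statements = [statements]
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or not is_anonymous_principal(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        findings.append({
            "sid": stmt.get("Sid"),
            "actions": actions,
            # A Condition (e.g. restricting to a VPC endpoint) may narrow the grant; still worth review.
            "conditioned": "Condition" in stmt,
        })
    return findings


def public_access_block_gaps(pab_config):
    """Return the Public Access Block flags that are missing or disabled."""
    return [flag for flag in PAB_FLAGS if not pab_config.get(flag, False)]


def assess_bucket(name, policy_doc, pab_config):
    """Combine the policy findings and Public Access Block state into one severity for the bucket."""
    findings = public_statements(policy_doc)
    gaps = public_access_block_gaps(pab_config)
    unconditioned = [f for f in findings if not f["conditioned"]]
    if unconditioned and "RestrictPublicBuckets" in gaps:
        # Anonymous grant in the policy and nothing at the bucket level to neutralise it.
        severity = "HIGH"
    elif findings or gaps:
        severity = "MEDIUM"
    else:
        severity = "OK"
    return {"bucket": name, "severity": severity, "public_statements": findings, "pab_gaps": gaps}


# Constructed sample inputs (placeholder bucket, account ID and role; not real resources).
EXPOSED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AnyoneCanRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-applications", "arn:aws:s3:::example-applications/*"],
    }],
})
EXPOSED_PAB = {flag: False for flag in PAB_FLAGS}

HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OnlyTheAppRole",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/example-app-role"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-applications/*",
    }],
})
HARDENED_PAB = {flag: True for flag in PAB_FLAGS}


if __name__ == "__main__":
    for report in (assess_bucket("exposed", EXPOSED_POLICY, EXPOSED_PAB),
                   assess_bucket("hardened", HARDENED_POLICY, HARDENED_PAB)):
        print(json.dumps(report, indent=2))
```

The severity logic deliberately treats the two controls together: a wildcard principal in the policy is only an immediate exposure when `RestrictPublicBuckets` is off, because with that flag on S3 ignores public policy statements for anonymous and cross-account callers. A job like this run on a schedule, with the results feeding a ticket or alert, is the "automated process to monitor for errors and oversights" the report recommends.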
Bambenek says there's evidence that things are getting better.
"It's taken a few years, however we are making real strides in not only having default-secure settings, but for security tools to start detecting misconfigurations and malicious behavior in cloud environments," he tells Dark Reading.