A Seattle jury has discovered Paige Thompson, a former Amazon software program engineer accused of stealing records from Capital One in 2019, responsible of wire fraud and 5 counts of unauthorized get admission to to a blanketed computer. The Capital One hack used to be one of the largest protection breaches in the US and compromised the facts of one hundred million humans in the country, alongside with 6 million human beings in Canada. Thompson was once arrested in July that yr after a GitHub person noticed her submit on the internet site sharing statistics about stealing information from servers storing Capital One information.
According to the Department of Justice, Thompson used a device she constructed herself to scan Amazon Web Services for misconfigured accounts. She then allegedly used these money owed to infiltrate Capital One’s servers and down load over a hundred million people’s data. The jury has determined that Thompson violated the Computer Fraud and Abuse Act via doing so, however her attorneys argued that she used the identical equipment and approach additionally used by means of moral hackers.
The Justice Department currently amended the Computer Fraud and Abuse Act to guard moral or white hat hackers. As lengthy as researchers are investigating or fixing vulnerabilities in “good faith” and are not the usage of the protection holes they find out for extortion or different malicious purposes, they can no longer be charged beneath the law.
Former Amazon employee convicted in Capital One hack
US authorities, however, disagreed with the statement that she was once solely making an attempt to expose Capital One’s vulnerabilities. The Justice Department stated she planted cryptocurrency mining software program onto the bank’s servers and despatched the income straight to her digital wallet. She additionally allegedly bragged about the hack on on line forums.
“Far from being an moral hacker making an attempt to assist agencies with their laptop security, she exploited errors to steal precious records and sought to enrich herself,” US Attorney Nick Brown said. Thompson should be sentenced with up to 20 years of jail time for wire fraud and up to 5 years for every cost of illegally gaining access to a covered computer. Her sentencing listening to is scheduled for September 15th.