Court filings published on Aug. 28 reveal that Paige A. Thompson has been indicted on charges of both perpetrating the Capital One breach and of hacking into the servers of her employer’s cloud services customers for the purposes of cryptojacking.
“Cryptojacking” is an industry term for stealth crypto mining attacks which work by installing malware or otherwise gaining access to a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.
The scheme’s alleged victims
While the court filings themselves do not reveal the name of Thompson’s former employer, a recent report has alleged the company in question is Amazon Web Services.
The filings indicate only that the firm provides cloud-computing services to individuals, companies and governments, and reveal details of three unnamed victims of Thompson’s alleged data theft and parallel cryptojacking scheme.
All three victims had contracted or rented servers from the cloud computing firm.
One is described as being a “state agency of a state that is not the State of Washington,” the second as a telecoms non-United States-based conglomerate that serves customers in Europe, Asia, Africa and Oceania, and the third as a U.S.-based public research university, also outside of the state of Washington.
“My cryptojacking enterprise”
To perpetrate data theft and surreptitious mining activities, Thompson allegedly exploited the fact that some cloud customers had misconfigured the web application firewalls on the servers they had rented or contracted.
She used this to obtain credentials for accounts with permission to view and copy data stored by their own customers on their cloud servers and then scanned this data for any valuable personal identifying information.
She notably also used her access to the servers for her own benefit, including for cryptojacking. The filings do not reveal any details of to what extent Thompson’s mining activities were profitable.
The Next Web has alleged that the defendant posted under a pseudonym online that “if I had a partner I could have them take over my crypto-jacking enterprise and be a stay at home.”
As reported, the Capital One breach is thought to have affected roughly 100 million U.S. customers and 6 million Canadians.
Thompson allegedly gained access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, as well as data pertaining to customers’ credit scores, credit limits and balances.