An ex-Amazon employee was charged with wire fraud and computer data theft, the Department of Justice announced yesterday. Paige Thompson, 33, exploited misconfigured firewalls on servers rented from the Cloud Computing Company to gain access to dozens of companies, including over a hundred million customer accounts from credit card company Capital One.
Thompson then used her access to steal data and to mine cryptocurrency. Hacking servers to mine cryptocurrency is known as “cryptojacking”, a practice whereby viruses use the computing power of machines of unsuspecting victims.
It’s unknown how much Thompson looted from cryptojacking, but previous cases suggest it could be a lot. In a separate case, discovered by cybersecurity company Check Point last February, researchers found that someone had hacked Jenkins, an open-source automation server used by companies all around the world, and infected victims’ computers with crypto mining software. The hacker is estimated to have earned $3 million in Monero before they were stopped.
Thompson was rumbled after she took to GitHub to boast about the heist to another user. Her confidant ratted to Capital One, who in turn contacted the FBI. On July 29, agents searched Thompson’s house–investigators, however, found no evidence that Thompson sold any of the stolen information.
Thompson will be arraigned on the indictment in U.S. District Court in Seattle on September 5. If she’s found guilty, Thompson could face up to 25 years in prison. Best of luck!