A federal grand jury indictment of a former Amazon software engineer accused of breaching Capital One’s data servers reveals instances of crypto-jacking at the heart of her scheme.
Between March and July 2019, Paige Thompson accessed at least 30 institutions’ servers managed by an unnamed cloud computing company, compromising at least 100 million customer accounts, according to a release published Wednesday. While there is no indication Thompson attempted to sell this information, she did use stolen computing power to mine cryptocurrencies.
According to the indictment, Thompson scanned for and misconfigured vulnerable web firewalls to gain access to rented cloud servers. She would duplicate sensitive “buckets of data” onto her own server kept at home, and cover her tracks using the anonymizing TOR browser.
“The object also was to use the access to the customers’ servers in other ways for [her] own benefit, including by using those servers for cryptojacking,” wrote prosecuting attorneys Steven Masada and Andrew Friedman.
Thompson reportedly spoke about her fraud over Slack and Twitter DMs. At one point, Thompson, under an alleged pseudonym, posted messages referring to cryptojacking over a Slack channel.
“I’ll be employed again soon and if I had a partner I could have them take over my cryptojacking enterprise and be a stay at home," one such message read, according to a report by Forbes staffer Thomas Brewster.
Another Slack message read: “For some reason i lost a whole fleet of miners all at the same time, so i think someone is onto me.”
Law enforcement became aware of Thompson’s activity after she shared information on GitHub relating to her theft of information from Capital One’s rented servers. The indictment also cites three unnamed victims including a state agency, a telecommunications conglomerate outside the U.S. and a public research university.
She faces up to 25 years in prison if found guilty of the charges, which include two counts of wire fraud and computer fraud. Additionally, Thompson is asked to forfeit her ill-gotten gains, or equivalent assets if inaccessible or untraceable.
Capital One image via Shutterstock
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.