Capital One hacker under investigation for 30 more AWS data breaches
The Seattle hacker behind the major Capital One hack may have stolen data from many other organizations, with authorities claiming thefts have taken place from over 30 companies and entities in other thefts from Amazon Web Services.
At the end of July hacker Paige Thompson was arrested and charged for obtaining 140,000 Social Security numbers, one million Canadian Social Insurance Numbers, and 80,000 bank account numbers, along with the personal information of more than 100 million customers and applicants of Capital One. In new court filings, it appears Thompson performed a lot more attacks alongside that of Capital One.
According to a filing with the U.S. District Court for the Western District of Washington at Seattle, the US government said it was in support of a motion for detention of Thompson. As part of its recommendation, it notes Thompson was involved in "major cyber intrusions that resulted in the theft of massive amounts of data from what now appears to be more than 30 victim companies."
An examination of servers seized from Thomson's bedroom during a search of her residence relating to the Capital One hack was found to have "multiple terabytes of data stored by Thompson from more than 30 other companies, educational institutions, and other entities." The amount of data varies both in terms of type and amount, though the filing highlights "much of the data appears not to be data containing personal identifying information."
The government is working to identify specific entities from whom the data was stolen, as well as the types of data acquired in each case, with a view to add additional charges against Thompson for each theft of data.
Thompson told the government she has neither sold or shared the data with anyone, and that the copy of the data recovered from the server is the only version she created, though it is too early to determine if this is true.
While Thompson, who goes by the pseudonym "erratic," was previously a software engineer for Amazon Web Services, and that Capital One used AWS for hosting, it is not mentioned whether the other victims are also clients of Amazon for the cloud storage service.
The government agrees with the U.S. Probation and Pretrial Services Office recommendation Thomson remains detained, citing a "long history of threatening behavior that includes repeated threats to kill others, to kill herself, and to commit suicide by cop," along with multiple calls to law enforcement prompted by the threats, and the filing of a protection order against Thompson.
It is also pointed out Thompson has been unemployed since 2016 and has no employment prospects if released. She also does't have an immediate home to go to, as her housemates told officials Thompson "is not welcome back at her residence."
The discovery of a "an arsenal of weapons, ammunition, and explosive material, largely unsecured and accessible" to Thompson owned by one of her housemates was also cited as a reason for detention, given the earlier threats.
"Thompson's crime in this case only exacerbates the harm that Thompson has done, and the threat she would pose if released," the U.S. government advises. "As a result, the Court should order Thompson detained, both as a danger to the community, and as a risk of non-appearance."
The Capital One hack is already a costly endeavor for the company, which has been notifying victims and offering free credit monitoring and identity protection, which will cost between $100 million and $150 million along with other tech and legal issues. After the revelation, the company's stock price also dropped approximately 10%, "erasing billions of dollars from the company's market capitalization."
Breaches are now a semi-regular occurrence for firms, with attacks evolving over time with the discovery of new vulnerabilities that need to be rectified in a timely fashion. Apple has largely remained immune to such issues, though there have been some small issues, such as supposed Israeli spyware that claims to be able to access iCloud-hosted data via a user's iPhone, as well as incidents similar to "Celebgate."
Apple uses Amazon's web services for some aspects of its iCloud service. It isn't clear which other other companies are involved at this point.