Former Amazon Engineer Paige Thompson Convicted Of Guilty For Hacking Customer's Cloud System

Capital One was once the victim of a mass hack. (photo: twitter @capitalone)

JAKARTA - A former Amazon Web Services (AWS) engineer was found guilty of hacking a customer's cloud storage system. He also stole data related to the massive 2019 Capital One breach.

The US District Court in Seattle last week convicted Paige Thompson of seven counts of computer and wire fraud on Friday, June 17, for crimes punishable by up to 20 years in prison.

Thompson, who also goes by the name “Erratic” online, was arrested for the Capital One hack in July 2019. The breach was one of the largest on record, revealing the name, date of birth, social security number, email address and phone number of more. than 100 million people in the US and Canada.

Capital One has since been fined 80 million US dollars (Rp 1.1 trillion) for allegedly failing to secure user data and settled with affected customers amounting to 190 million US dollars (Rp 2.8 trillion).

A press release from the US Department of Justice (DOJ) states Thompson developed a tool that scans AWS for misconfigured accounts and then leverages these accounts to gain access to the systems of Capital One and dozens of other AWS customers.

Prosecutors also said Thompson "hijacked" the company's servers to install cryptocurrency mining software that would transfer any revenue to his personal crypto wallet. He later "bragged" about his mistakes on online forums and via text messages.

At the time, there was some debate as to whether Thompson was an ethical hacker (who broke into network security to expose weaknesses) or a security researcher because of his unusual frankness about his role in the online Capital One attack. This woman also posts sensitive customer data on public GitHub pages and shares details, such as breaches on Twitter and Slack.

Earlier this year, the Justice Department made clear that it would not prosecute security researchers under the Computer Fraud and Abuse Act. But US prosecutors clearly don't believe Thompson's actions fall under this exception.

"Far from being an ethical hacker trying to help companies with their computer security, he exploits mistakes to steal valuable data and seeks to enrich himself," US attorney Nick Brown said in a statement quoted by The Verge. Thompson's sentencing hearing will take place on September 15, 2022.