Former Amazon Worker Convicted of Capital One Hacking


A former Amazon engineer accused stealing customers’ personal information from Capital One He was found guilty on Friday of electronic fraud and hacking charges in one of the largest violations in the United States.

A Seattle jury found this Paige Thompson, 36, had violated an anti-hacking law known as the Computer Fraud and Abuse Act, which prohibits unauthorized access to a computer. The jury found him not guilty of identity theft and access device fraud.

Ms. Thompson worked as a software engineer and ran an online community for other employees in her industry. In 2019, she downloaded the personal information of more than 100 million Capital One customers. The legal team argued that it uses the same tools and methods as ethical hackers who investigate software vulnerabilities and report them to companies so they can be fixed.

The Justice Department said, however, that Ms Thompson never planned to alert Capital One of problems giving customers access to their data, and bragged to her online friends about the vulnerabilities she had uncovered and the information she had downloaded. The Justice Department said Ms Thompson also used her access to Capital One servers to mine cryptocurrencies.

“He wanted data, he wanted money, and he wanted to brag,” Andrew Friedman, assistant US attorney, said in his closing speech.

Ms. Thompson’s case has drawn the attention of the tech industry for charges under the Computer Fraud and Abuse Act. Critics of the law argued that the law was too broad and allowed so-called white hat hackers to be prosecuted. Last month, Justice Department He told prosecutors they should no longer use the law to track down hackers who were doing “good faith security research.”

In addition to the wire fraud charges, the jury debated for 10 hours before convicting Ms. Thompson five times for gaining unauthorized access to and damaging a protected computer. He is scheduled to be sentenced on September 15.

Ms. Thompson’s lawyer declined to comment on the decision.

Capital One discovered the breach in July 2019 after a woman who spoke to Ms. Thompson about the data reported the issue to Capital One. Capital One forwarded the information to the Federal Bureau of Investigation, and Ms. Thompson was arrested soon after.

Regulators said Capital One lacks the security measures it needs to protect customers’ information. In 2020, the bank agreed to pay 80 million dollars to resolve these claims. He also agreed to pay in December. 190 million dollars to persons whose data is exposed in the breach.

“Miss. Thompson used her hacking skills to steal the personal information of more than 100 million people and hijacked computer servers to mine cryptocurrencies,” he said. “He is far from being an ethical hacker trying to help companies with computer security, from mistakes to steal valuable data. took advantage of it and tried to enrich himself.”


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *