Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
The suspect behind the massive Capital One data breach also allegedly hacked cloud customersâ servers to mine cryptocurrency for herself.
The individual accused of perpetrating a massive-scale hack of credit card issuer Capital One also allegedly hacked cloud customersâ servers to mine cryptocurrency for herself.Â
Court filings published on Aug. 28 reveal that Paige A. Thompson has been indicted on charges of both perpetrating the Capital One breach and of hacking into the servers of her employerâs cloud services customers for the purposes of cryptojacking.
âCryptojackingâ is an industry term for stealth crypto mining attacks which work by installing malware or otherwise gaining access to a computerâs processing power to mine for cryptocurrencies without the ownerâs consent or knowledge.
The schemeâs alleged victims
While the court filings themselves do not reveal the name of Thompsonâs former employer, a recent report has alleged the company in question is Amazon Web Services.Â
The filings indicate only that the firm provides cloud-computing services to individuals, companies and governments, and reveal details of three unnamed victims of Thompsonâs alleged data theft and parallel cryptojacking scheme.Â
All three victims had contracted or rented servers from the cloud computing firm.Â
One is described as being a âstate agency of a state that is not the State of Washington,â the second as a telecoms non-United States-based conglomerate that serves customers in Europe, Asia, Africa and Oceania, and the third as a U.S.-based public research university, also outside of the state of Washington.
âMy cryptojacking enterpriseâ
To perpetrate data theft and surreptitious mining activities, Thompson allegedly exploited the fact that some cloud customers had misconfigured the web application firewalls on the servers they had rented or contracted.Â
She used this to obtain credentials for accounts with permission to view and copy data stored by their own customers on their cloud servers and then scanned this data for any valuable personal identifying information.
She notably also used her access to the servers for her own benefit, including for cryptojacking. The filings do not reveal any details of to what extent Thompsonâs mining activities were profitable.
The Next Web has alleged that the defendant posted under a pseudonym online that âif I had a partner I could have them take over my crypto-jacking enterprise and be a stay at home.â Â
As reported, the Capital One breach is thought to have affected roughly 100 million U.S. customers and 6 million Canadians.Â
Thompson allegedly gained access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, as well as data pertaining to customersâ credit scores, credit limits and balances.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.