A federal grand jury indictment of a former Amazon software engineer accused of breaching Capital One's data servers reveals instances of cryptojacking at the heart of the scheme.
Between March and July 2019, Paige Thompson accessed at least 30 servers belonging to institutions hosted by an unidentified cloud computing company, compromising at least 100 million customer accounts, according to a statement released Wednesday. While there are no indications that Thompson tried to sell this information, Thompson did use the stolen computing power to mine cryptocurrency.
According to the indictment, Thompson scanned for vulnerable, poorly configured web firewalls to gain access to leased cloud servers. Thompson would then copy confidential “data cubes” to a server kept at home and cover the tracks using the Tor browser as an anonymizer.
“The goal was also to use client access to servers in other ways for their own benefit, including through the use of those servers for cryptojacking,” prosecutors Steven Masada and Andrew Friedman wrote.
Thompson reportedly talked about the fraud on Slack and in Twitter DMs. At one point, Thompson, under an alleged pseudonym, posted messages that referred to cryptojacking on a Slack channel.
“I will return to work soon and if I had a partner I could have them take over my cryptojacking company and stay at home,” said one of those messages, according to a report by Forbes employee Thomas Brewster.
Another Slack message read: “For some reason, I lost a whole fleet of miners at the same time, so I think someone is with me.”
Police noticed Thompson’s activity after Thompson shared information on GitHub related to the theft of information from the rented servers of Capital One. The indictment also cites three unidentified victims, including a state agency, a telecommunications conglomerate outside the US, and a public research university.
Thompson faces up to 25 years in prison if found guilty of the charges, which include two counts of electronic fraud and computer fraud. In addition, Thompson is asked to forfeit any illegally obtained earnings, or equivalent assets if those earnings are inaccessible or cannot be traced.