Federal prosecutors this week charged a Seattle woman with stealing data from more than 100 million credit applications made with Capital One Financial Corp. Unusually, much of this breach was played out publicly over several months on social media and other open online platforms. What follows is a closer look at the accused and what this incident may mean for consumers and businesses.
On July 29, FBI agents arrested Paige A. Thompson on suspicion of downloading nearly 30GB of Capital One credit application data from a rented cloud data server. Capital One said the incident affected approximately 1
Those figures include approximately 140,000 Social Security numbers and approximately 80,000 US consumer bank account numbers, as well as approximately 1 million Social Insurance Numbers (SINs) for Canadian credit card customers.
"Importantly, no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised," Capital One said in a statement posted on its website. "The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019," the statement continued. "This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth and self-reported income."
The FBI says Capital One learned of the theft from a tip emailed on July 17, which warned the company that some of its leaked data was being stored out in the open on the GitHub software development platform. That GitHub account belonged to a user called "Netcrave," whose profile included the resume and name of one Paige A. Thompson.
The complaint does not explicitly name the cloud hosting provider from which Capital One's credit data was taken, but the defendant's resume states that she worked as a systems engineer at the provider between 2015 and 2016. That resume, available on GitLab here, reveals that Thompson's most recent employer was Amazon Inc.
Further investigation revealed that Thompson used the handle "erratic" on Twitter, where she spoke openly for months about finding huge stores of data that were supposed to be secured on various Amazon instances.
According to the FBI, Thompson also used a public Meetup group under the same alias, where she invited others to join a Slack channel called "Netcrave Communications."
KrebsOnSecurity was able to join this open Slack channel on Monday evening and review many months of posts apparently made by Erratic about her personal life, interests and online explorations. One of Erratic's more interesting posts on the Slack channel is a June 27 comment listing various databases she discovered by hacking into improperly secured Amazon cloud instances.
That post suggests that Erratic may also have found dozens of gigabytes of data belonging to other major corporations:
Erratic also posted frequently on Slack about her struggles with gender identity, lack of employment, and constant suicidal thoughts. In several conversations, Erratic refers to running a botnet, although it is unclear how serious these claims are. In particular, Erratic mentions a cryptocurrency-mining botnet that uses snippets of code installed on websites (often surreptitiously) that are designed to mine cryptocurrencies.
None of Erratic's posts suggest that Thompson sought to profit from selling the data taken from the various Amazon cloud instances she accessed. But it seems likely that at least some of this data could have been obtained by others who may have been following her activities across various social media platforms.
Ray Watson, a cybersecurity researcher at cloud security firm Masergy, said the Capital One incident bore the hallmarks of many other modern data breaches.
"The attacker was a former employee of the web hosting company involved, which is what is often referred to as insider threats," Watson said. "She allegedly used web application firewall credentials to obtain privilege escalation. Also, the use of Tor and an offshore VPN is often observed in similar data breaches."
"The good news is that Capital One's incident response was able to move quickly once they were informed of the possible breach through their responsible disclosure program, which is something many companies struggle with," he continued.
In a statement from Capital One about the breach, the company's Chairman and CEO Richard D. Fairbank said the financial institution had a configuration vulnerability that led to the data theft and that it immediately began working with federal law enforcement.
"Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual," Fairbank said. "While I am grateful that the perpetrator has been caught, I am deeply sorry for the incident. I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right."
Capital One says it will notify affected individuals through various channels and will provide free credit monitoring and identity protection to all concerned.
Bloomberg reported that in court on Monday Thompson broke down and laid her head on the defense table during the hearing. She has been charged with one count of computer fraud and faces a maximum sentence of five years in prison and a fine of $250,000. Thompson will be held in custody pending her bail hearing, set for August 1.
A copy of the complaint against Thompson is available here.
Tags: Capital One breach, GitHub, Masergy, Paige A. Thompson, Ray Watson, Slack, Twitter