This week, federal prosecutors accused a woman in Seattle of stealing data from more than 100 million credit applications filed with Capital One Financial Corp. Remarkably, much of this breach played out over several months on social media and other open online platforms. What follows is a closer look at the accused and what this incident may mean for consumers and businesses.
On July 29, FBI agents arrested Paige A. Thompson on suspicion of downloading nearly 30 GB of Capital One credit application data from a rented cloud server. Capital One said the incident affected approximately 1
This data included approximately 140,000 Social Security numbers and approximately 80,000 bank account numbers belonging to American consumers, as well as approximately 1 million Social Insurance Numbers (SINs) for Canadian credit card customers.
"Importantly, no credit card account numbers or login credentials were compromised, and over 99 percent of Social Security numbers were not compromised," Capital One said in a statement posted to its site. "The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019," the statement continues. "This information included personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income."
The FBI says Capital One learned of the theft from a tip sent via email on July 17, which notified the company that some of the stolen data was being stored out in the open on the software development platform Github. The Github account belonged to a user named "Netcrave," which also hosted the resume and name of a Paige A. Thompson.
The complaint does not explicitly name the cloud hosting provider from which the Capital One credit data was taken, but it does say that the defendant's resume states she worked as a systems engineer at the provider between 2015 and 2016. That resume, available on Gitlab here, lists Thompson's most recent employer as Amazon Inc.
Further investigation revealed that Thompson used the nickname "erratic" on Twitter, where she spoke openly for months about finding large troves of data, supposedly secured, in various Amazon instances.
According to the FBI, Thompson also used a public Meetup group under the same alias, where she invited others to join a Slack channel called " Netcrave Communications ."
KrebsOnSecurity was able to join this open Slack channel on Monday night and review many months of posts that were seemingly unguarded about her personal life, interests and online research. One of Erratic's more interesting posts on the Slack channel is a June 27 comment listing various databases she found by hacking into improperly secured Amazon cloud instances.
This post suggests that Erratic may also have located tens of gigabytes of data belonging to other large companies:
Erratic also frequently posted to Slack about her struggles with gender identity, lack of employment and persistent suicidal thoughts. In several conversations, Erratic refers to operating a botnet of some kind, although it is unclear how serious these claims were. In particular, Erratic mentions a cryptocurrency mining botnet that relies on code snippets planted on websites, often without the site owners' knowledge, to mine cryptocurrency.
None of Erratic's posts suggest that Thompson sought to profit by selling the data obtained from the various Amazon cloud instances she accessed. But it seems likely that at least some of this data could have been obtained by others who may have been following her activities on various social media platforms.
Ray Watson, a cybersecurity researcher at the cloud security firm Masergy, said that the Capital One incident carries the hallmarks of many other modern data breaches.
"The attacker was a former employee of the web hosting company involved, which is what is often referred to as an insider threat," Watson said. "She allegedly used web application firewall credentials to obtain privilege escalation. The use of Tor and an offshore VPN for obfuscation is also often seen in similar data breaches."
"However, the good news is that Capital One Incident Response was able to move quickly once informed of a possible breach through their Responsible Disclosure program, which is something many other companies struggle with," he continued.
In Capital One's statement about the breach, the company's chairman and CEO Richard D. Fairbank said the financial institution addressed the configuration vulnerability that led to the data theft and immediately began working with federal law enforcement.
"Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this person," said Fairbank. "While I am grateful that the perpetrator has been caught, I sincerely apologize for what has happened. I am aware of the understandable concern this incident must be causing those affected, and I am committed to making it right to all concerned."
Bloomberg reports that in court on Monday, Thompson broke down and laid her head on the defense table during the hearing. She is charged with a single count of computer fraud, which carries a maximum sentence of five years in prison and a $250,000 fine. Thompson will remain in custody until her bail hearing, set for Aug. 1.
A copy of the complaint against Thompson is available here.
Tags: Capital One breach, GitHub, Masergy, Paige A. Thompson, Ray Watson, Slack, Twitter