Alleged Capital One Hacker Accused of Secretly Mining Cryptocurrency

Published at: Aug. 29, 2019

The individual accused of perpetrating a massive-scale hack of credit card issuer Capital One also allegedly hacked cloud customers’ servers to mine cryptocurrency for herself. 

Court filings published on Aug. 28 reveal that Paige A. Thompson has been indicted on charges of both perpetrating the Capital One breach and of hacking into the servers of her employer’s cloud services customers for the purposes of cryptojacking.

“Cryptojacking” is an industry term for stealth crypto mining attacks which work by installing malware or otherwise gaining access to a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.

The scheme’s alleged victims

While the court filings themselves do not reveal the name of Thompson’s former employer, a recent report has alleged the company in question is Amazon Web Services. 

The filings indicate only that the firm provides cloud-computing services to individuals, companies and governments, and reveal details of three unnamed victims of Thompson’s alleged data theft and parallel cryptojacking scheme. 

All three victims had contracted or rented servers from the cloud computing firm. 

One is described as being a “state agency of a state that is not the State of Washington,” the second as a non-United States-based telecoms conglomerate that serves customers in Europe, Asia, Africa and Oceania, and the third as a U.S.-based public research university, also outside of the state of Washington.

“My cryptojacking enterprise”

To perpetrate data theft and surreptitious mining activities, Thompson allegedly exploited the fact that some cloud customers had misconfigured the web application firewalls on the servers they had rented or contracted. 

She used these misconfigurations to obtain credentials for accounts with permission to view and copy data stored by their own customers on their cloud servers, and then scanned this data for any valuable personal identifying information.

She notably also used her access to the servers for her own benefit, including for cryptojacking. The filings do not reveal to what extent Thompson’s mining activities were profitable.

The Next Web has alleged that the defendant posted under a pseudonym online that “if I had a partner I could have them take over my crypto-jacking enterprise and be a stay at home.”  

As reported, the Capital One breach is thought to have affected roughly 100 million U.S. customers and 6 million Canadians. 

Thompson allegedly gained access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, as well as data pertaining to customers’ credit scores, credit limits and balances.
