The former Amazon Web Services employee thought to be behind the data breach of Capital One bank earlier this year appears to have also used the infiltrated cloud servers to surreptitiously mine cryptocurrency.
Thompson allegedly created a software program to scan for and identify cloud customers that had incorrectly configured their firewalls, and in doing so, had left their systems exposed to external attacks. It appears that Thompson was able to exploit the vulnerability and send remote commands to servers to take control of those systems.
She then used this access to use servers to mine cryptocurrency on her behalf. She also stole data from 30 companies, including a US state agency, a foreign telecom conglomerate, and a public research university.
Court documents remain thin on details about Thompson’s crypto-jacking exploits. How much she earned and how long she has been running crypto-jacked servers remains unclear.
However, it seems she may have been quite prolific. Thompson bragged about her cryptocurrency mining exploits in Slack messages.
“I’ll be employed again soon and if I had a partner I could have them take over my crypto-jacking enterprise and be a stay at home,” they said under a pseudonym.
Posting under another alias on June 26, they wrote: “For some reason [I] lost a whole fleet of miners all at the same time, so [I] think someone is onto me.” The following month the data breach was noticed and Capital One was alerted; this subsequently brought Thompson’s hacking extravaganza to an end.
Thompson remains in custody and is due to appear in court on September 5, where her charges will be read. Bear in mind, the above indictment is only an accusation, and Thompson is yet to be found guilty in a court of law for the alleged hack.
If she is found guilty, charges carry a maximum sentence of 25 years imprisonment.