Former AWS engineer found guilty of wire fraud and computer intrusions in 2019 Capital One hack – GeekWire

An ex-Amazon Website Solutions engineer accused of a huge hack in 2019 was observed guilty of 7 federal crimes on Friday in the U.S. District Court of Seattle.

Prosecutors showed how Paige Thompson constructed a tool that determined misconfigured AWS accounts and made use of them to access information from additional than 30 entities, together with Funds One particular, an AWS customer. More than 100 million Cash One particular prospects ended up impacted. It was just one of the major breaches of a important monetary assistance.

A jury found that Thompson violated the Computer Fraud and Abuse Act, which drew focus previous month soon after the Justice Division revised its policy for charging conditions less than the Act and said “good-faith safety investigate should not be charged.”

Thompson was discovered responsible of wire fraud, 5 counts of unauthorized access to a shielded pc, and detrimental a safeguarded computer. She utilized the illegal access to earn profits from cryptocurrency mining application that was planted on new servers, according to the suit. Thompson was found not responsible of entry unit fraud and aggravated id theft.

“Ms. Thompson used her hacking abilities to steal the personal information of additional than 100 million men and women, and hijacked laptop servers to mine cryptocurrency,” U.S. Legal professional Nick Brown claimed in a push launch.  “Far from being an ethical hacker hoping to enable organizations with their computer protection, she exploited problems to steal worthwhile information and sought to enrich herself.”

Thompson worked at Amazon as a programs engineer from 2015 to 2016.

Capital One finished up shelling out $80 million in fines and $190 million to settle a course-action lawsuit connected to the hack.

Thompson, 36, is scheduled for sentencing on Sept. 15. Wire fraud is punishable by up to 20 many years in jail illegally accessing a secured pc and harming a secured laptop or computer are punishable by up to five a long time.