Details about Paige Thompson, the person who allegedly hacked into Capital One
Paige A. Thompson was arrested for allegedly hacking into Capital One Financial Corp’s Cloud servers and allegedly stealing customer information. The following is some insight into the person who allegedly was able to complete such an extraordinary Hack of Capital One Financial Corp.
Click on this link to download the official Paige Thompson Indictment – 12 pages.
From the Capital One News Release:
“Beyond the credit card application data, the individual also obtained portions of credit card customer data, including:
- Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information
- Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018
No bank account numbers or Social Security numbers were compromised, other than:
- About 140,000 Social Security numbers of our credit card customers
- About 80,000 linked bank account numbers of our secured credit card customers
For our Canadian credit card customers, approximately 1 million Social Insurance Numbers were compromised in this incident.”
Paige used GitHub and also had a page on GitLab. She set up the GitLab page under Netcrave. She also posted using the handle “erratic”. Her GitLab page is still there. Click on this link to visit Paige’s GitLab page.
She had posted her resume on Scribd. Click on this link to view Paige Thompson’s resume.
Paige had a Twitter account which is still active. Click on this link to view Paige’s Twitter feed.
Click on this link to visit Paige Thompson’s GitHub page.
Having spent some time going over some of her web pages, I do not get the impression that Paige is into Black Hat Hacking. I get the impression of a skilled Programmer and Techie. IMHO her alleged hacking of Capital One could be a case of her testing herself and her skills. She apparently had to put her pet cat down and such an event can be traumatic. Trauma can impact one’s thinking. If she is guilty of the alleged Hack of Capital One, I have doubts whether the allegedly stolen info was placed or sold on DarkNet.
The bigger and more important question is: Why was the Firewall protecting Capital One’s Cloud resources allegedly incorrectly configured, and by whom? Was it the fault of Capital One or was it the fault of their Cloud Provider?
UPDATE Jul 31. Well-known IT Security site KrebsOnSecurity.com has posted about the Capital One Data Breach. They were able to access the Slack channel where Paige had been posting. Slack provides “secure” private messaging within a company. I’ve used it at a job. I was not aware that Slack also had “open” channels available. Will look into this. Click on this link to visit the KrebsOnSecurity website to read their post titled: “Capital One Data Theft Impacts 106M People”.
The paragraph below was from their posting. Posted under Fair Use provisions.
“KrebsOnSecurity was able to join this open Slack channel Monday evening and review many months of postings apparently made by Erratic about her personal life, interests and online explorations. One of the more interesting posts by Erratic on the Slack channel is a June 27 comment listing various databases she found by hacking into improperly secured Amazon cloud instances.”
This IMHO points to someone who maybe did the Hacking as a challenge versus someone who would do something like this for greater criminal intent such as Extorting Capital One, or using the stolen data to apply for Credit Cards or selling the data on DarkNet markets. We’ll learn more if there is a trial. If she pleads guilty, then there will be no trial.
Myself, I would like to know who was responsible for the allegedly misconfigured Firewall (per the FBI).
How many other Firewalls, supposedly protecting Cloud-based data, may also be “misconfigured”???
Posted by Vincent Banial