Capital One Hacker Used Stolen Computing Power to Mine Crypto

Capital One 860x430

A federal grand jury indictment of a former Amazon software engineer accused of breaching Capital One’s data servers reveals instances of crypto-jacking at the heart of her scheme.Between March and July 2019, Paige Thompson accessed at least 30 institutions’ servers managed by an unnamed cloud computing company, compromising at least 100 million customer accounts, according to a release published Wednesday. While there is no indication Thompson attempted to sell this information, she did use stolen computing power to mine cryptocurrencies.According to the indictment, Thompson scanned for and misconfigured vulnerable web firewalls to gain access to rented cloud servers. She would duplicate sensitive “buckets of data” onto her own server kept at home, and cover her tracks using the anonymizing TOR browser.“The object also was to use the access to the customers’ servers in other ways for [her] own benefit, including by using those servers for cryptojacking,” wrote prosecuting attorneys Steven…

Read the original article here