Chin up, CapitalOne: You may not have been the suspected hacker's only victim. Feds fear 30-plus organizations hit

Prosecutors file papers to keep Paige Thompson behind bars while awaiting trial

The front of a Capital One Bank

The ex-Amazon software engineer accused of stealing the personal information of 106 million people from Capital One's cloud-hosted databases may have hacked dozens of other organizations.

This is according to a filing [PDF] this week by prosecutors in a US federal district court in Seattle, where suspected cyber-thief Paige Thompson is facing trial.

While arguing their case to keep Thompson in jail before and during proceedings, Uncle Sam's legal eagles noted that as many as 30 other companies and organizations may have been similarly ransacked and had their customer records and corporate secrets siphoned by the alleged hacker.

"Thompson’s crime in this case – major cyber intrusions that resulted in the theft of massive amounts of data from what now appears to be more than 30 victim companies – only exacerbates the harm that Thompson has done, and the threat she would pose if released," the filing reads.

This is not a terribly surprising development, given that, according to documents previously submitted by the FBI in the Capital One case, Thompson bragged online about swiping data from dozens of other targets, from Ford to American universities. Capital One aside, none have, to the best of our knowledge, alleged in public any network intrusions at the hands of Thompson, a former AWS techie who may have used her intimate knowledge of the cloud giant to gain access to vulnerable S3 storage buckets.

Jeff Bezos feels a tap on the shoulder. Ahem, Mr Amazon, care to explain how Capital One's AWS S3 buckets got hacked?

READ MORE

Thompson, who went by the online aliases "erratic" and "0xA3A97B6C", was collared late last month in a dramatic armed raid in which police stormed the Seattle home she shared with several housemates, and seized 20 firearms and accessories along with Thompson's computing gear.

It is not just the additional investigations that have prosecutors asking Judge Mary Theiler to keep Thompson in detention. The Feds' paperwork also notes that the accused hacker has a history of threats to harm herself and others, potentially making her a danger for not only flight, but also a risk to the public.

"Thompson has a long history of threatening behavior that includes repeated threats to kill others, to kill herself, and to commit suicide by cop," the filing notes. "Thompson’s threats have resulted in multiple calls to law enforcement, and the entry of protection orders against Thompson."

One couple were granted five-year protection orders against Thompson after claiming she had subjected them to seven years of harassment. Her housemates also reported that she had threatened to commit "suicide by cop."

The next hearing in the case, to discuss the detention request, is set for later this week. ®




Biting the hand that feeds IT © 1998–2019