Former AWS employee given 5 years probation for Capital One hack | Tech Lada

A former Amazon Internet Companies Inc. worker was sentenced to time served and 5 years probation for stealing greater than 100 million information belonging to Capital One Monetary Corp. in 2019.

Paige A. Thompson, who labored for AWS as an engineer till 2016, was discovered responsible in June of seven fees associated to the hack, together with wire fraud, unlawful entry to a protected pc and injury to a protected pc.

The presumably lax sentence, described by the US Division of Justice as “disappointing,” was handed down by a choose in Seattle. The choose within the case, Robert S. Lasnik, is alleged to have been moved by an announcement by Thompson, who’s transgender and suffers from psychological well being issues, that he hopes to make optimistic and significant contributions to society.

The choose even admitted that the sentence was shocking, risking Thompson being authentic in his put on.

Decide Lasnik, in sentencing Paige Thompson to probation, mentioned that she is risking her status to not commit extra crimes. “If that occurs, I’ll admit my mistake. I consider in her and I feel she is going to show that that is the proper sentence.”

— Amy Miller (@Siliconlaw) October 4, 2022

Within the case, prosecutors argued that Thompson, utilizing the “erratic” title on-line, created a software to search for misconfigured AWS accounts. That allowed him to entry the accounts of greater than 30 AWS prospects, together with Capital One, and steal their knowledge. Different firms and organizations Thompson accessed included UniCredit SpA, Vodafone plc, Ford Motor Co., Michigan State College and the Ohio Division of Transportation.

Within the Capital One case, Thompson stole knowledge consisting of bank card purposes, together with names, addresses, zip codes, telephone numbers, electronic mail addresses, dates of start, and self-reported earnings. The apps additionally included “bank card buyer knowledge chunks,” together with credit score scores, credit score limits, balances, cost historical past, contact info, and “transaction knowledge snippets.”

Nonetheless, knowledge theft was not Thompson’s solely alleged crime. It was additionally alleged that he used his entry to AWS servers to mine cryptocurrencies. “She needed knowledge, she needed cash and he or she needed to indicate off,” Assistant US Lawyer Andrew Friedman mentioned in closing arguments within the trial.

“Whereas we perceive the mitigating elements, we’re very disenchanted with the courtroom’s sentencing choice. This isn’t what justice appears to be like like,” US Lawyer Nick Brown mentioned in an announcement. “Millisecond. Thompson’s hacking and data theft of 100 million folks induced greater than $250 million in injury to companies and people. His cybercrimes created anxiousness in thousands and thousands of people who find themselves justifiably anxious about their info.” This habits warrants a extra severe sanction.”

The sentencing got here on the identical day that former Uber Applied sciences Inc. chief safety officer Joe Sullivan was discovered responsible of overlaying up a safety breach at Uber in 2016 that noticed the theft of knowledge associated to some 57 million riders and drivers. from Uber.

Sullivan faces as much as 5 years in jail for overlaying up a hack for which he was not accountable. Fairly, Thompson was answerable for the theft of almost twice as many Capital One information because the Uber hack and was behind the information theft moderately than overlaying it up, and that is not counting the opposite firms he stole knowledge from.

Whereas pleading for a seven-year sentence, Brown instructed the courtroom that he “exhibited a smug sense of superiority and complete glee whereas committing these crimes…Thompson was motivated to earn cash at different folks’s expense, to indicate that she was extra smarter than the folks he was hacking and to earn bragging rights within the hacker group.”

Photograph: Billy Hathorn/Wikimedia Commons