Paige Thompson, a former AWS employee, was very recently sentenced for hacking into Capital One and stealing the data of over 106 million people in one of the biggest data breaches in the US. Thompson was found guilty of seven federal crimes, including wire fraud, which carries a penalty of up to 20 years in prison. Prosecutors argued that Thompson created a tool to find misconfigured accounts on AWS, allowing her to mine the data of more than 30 Amazon clients, including Capital One.
Assistant US Attorney Andrew Friedman commented, “She wanted data, she wanted money, and she wanted to brag,” as reported by CNBC.
Cybersecurity professional Steve King sees Thompson quite differently. King says it’s clear to him that Thompson’s act was the culmination of years of frustration over what she could call their “stupid approaches to cybersecurity.”
He says it is indeed possible that Thompson perpetrated the breaches with the intent to monetize them and meliorate herself in the process. “… but having worked on a software development project with Paige over a several-month-long period, I have no doubt about her motive,” writes King at CyberTheory.
King thinks it was all simply an attempt to prove how even a mid-level hacker, just for fun, could take down the leading digital bank along with 30 other AWS clients.
“… I don’t think I could enjoy living in a house that I paid for with stolen money,” Thompson wrote in an email to King back in 2014, says King on CyberTheory.
In the email, Thompson contends that she didn’t enjoy stealing ‘dumb stuff’, like Wi-Fi or ‘goldbricking 4g access’, but there’s stealing on a large scale.
King believes that, based on her simple demonstration of how comfortably all of the magnificent technological defenses can be bypassed, Paige Thompson could receive treatment similar to that given to British hacker Marcus Hutchins (indicted on six hacking-related federal charges), i.e. a year of supervised release.
According to King, the judge will probably extend that condition of her current release and prohibit her from ‘visiting any Capital One or Amazon-owned locations, including Whole Foods’.
King says Paige’s hacks could be seen as a ‘portfolio of public service warnings’.
King further says, “I firmly believe that the sort of ‘do as I say not as I do’ mentality that is all too common has taken its toll in other aspects of life and empowered people to incredulous acts of corruption.”
King says this breach, one of the world’s biggest, may directly inspire other ‘incredibly smart, brilliant hackers’ who are a hair away from connecting the dots between their rationale for showcasing their skills, seeking attention, and executing the ‘next headline attack’.
“She’s Just One Voice of Many More, Emerging from the Cybersphere Shadows,” writes King.
The cost of repairing the Capital One breach will probably exceed $1 billion, and King says that if the cybersecurity industry continues on its current path, the situation will only get worse.