Capital One Attacker Exploited Misconfigured AWS Databases

The 36-year-old Seattle tech worker behind the infamous 2019 Capital One data breach has been convicted on seven charges related to the data theft – which are punishable by up to 20 years in jail.

In the incident, Paige Thompson, who operated under the hacker handle “erratic,” made off with more than 100 million credit applications that Capital One stored in Amazon Web Services S3 buckets; a misconfigured web application firewall in front of the bank's AWS infrastructure let her obtain credentials that gave her access to that data. She was arrested shortly thereafter, after the banking giant traced the malicious activity back to her and alerted the FBI.

“Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency,” said U.S. Attorney Nick Brown, in a statement. “Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself.”

Prosecutors noted that Thompson specifically used a scanner to look for AWS misconfigurations, in which databases are left open to the Internet without authentication required for access. In all, she managed to infiltrate the databases of 30 entities, including Capital One – stealing data and in some cases planting cryptocurrency miners.

According to a Department of Justice statement, Thompson “spent hundreds of hours advancing her scheme, and bragged about her illegal conduct to others via text or online forums.”

After a seven-day trial and 10 hours of deliberation, a jury in U.S. District Court in Seattle found Thompson guilty of wire fraud, five counts of unauthorized access to a protected computer, and damaging a protected computer. The jury found her not guilty of access-device fraud and aggravated identity theft.

Thompson is scheduled for sentencing by U.S. District Judge Robert S. Lasnik on Sept. 15.

“She wanted data, she wanted money, and she wanted to brag,” Assistant U.S. Attorney Andrew Friedman said in closing arguments.

“We are pleased with the outcome of the trial and remain grateful for the tireless work of the U.S. Attorney’s Office in Seattle and the FBI’s Seattle Field Office in prosecuting this important case,” Capital One said in a media statement.

Cloud Misconfigurations Remain Rampant

While Thompson was bent on malicious activity, the incident also brought cloud-security responsibility and the issue of misconfigurations to the fore. Regulators found Capital One negligent for leaving sensitive financial data reachable from the Internet, resulting in an $80 million fine, and the bank settled customer lawsuits for a further $190 million – a costly outcome.

“The Capital One breach really put cloud security at the forefront of many enterprises,” says John Bambenek, principal threat hunter at Netenrich. “Prior to that, there was a misconception that the cloud companies would handle security and that default settings were ‘secure enough.’ The reality is, the shared-security model requires users to make sure that their cloud environments are secure and that data does not accidentally leak.”

In its recent report on cloud misconfigurations, security firm Rapid7 noted that breaches stemming from cloud misconfigurations continue to happen with “distressing frequency.”

“First and foremost, you should now be keenly aware that there are individuals actively seeking out cloud service misconfigurations on a daily basis,” researchers warned in the report. “Given the right tooling, it’s almost trivial for any moderately clever person to hunt for these cracks in the cloud at scale, and they do not even need to be targeting your organization specifically to come across that unintended misconfiguration which ends up exposing sensitive data in your care.”

As an example, earlier this month researchers from the Secureworks Counter Threat Unit (CTU) found that cyberattackers are targeting misconfigured, Internet-exposed Elasticsearch instances for extortion purposes. After finding data exposed on the public Internet without authentication, the attackers copy out the wide-open data and replace it with a ransom note. At the time, nearly 1,200 instances had been affected.

Thus, enterprises should dedicate resources to cloud security, including planning for safe and resilient configurations and automated processes to monitor for mistakes and oversights, researchers noted.
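The automated monitoring the researchers call for, as an added example that is not code from the article, Capital One or AWS: a small Python audit of the three settings that decide whether an S3 bucket is readable by anyone on the Internet, namely the bucket policy, the bucket ACL and the Block Public Access configuration. The bucket name, policy and ACL documents below are constructed for the example; their shapes follow what `aws s3api get-bucket-policy`, `get-bucket-acl` and `get-public-access-block` return. A check like this targets the open-to-the-Internet storage that scanner-driven intrusions of the kind described above hunt for; it does not cover the other half of the shared-responsibility model, such as over-privileged IAM roles attached to compute, which need their own review.

```python
"""Offline check of an S3 bucket's public-exposure surface.

Added example (not code from the article, Capital One or AWS). Input
shapes follow the AWS CLI output of `aws s3api get-bucket-policy`,
`get-bucket-acl` and `get-public-access-block`; the samples are constructed.
"""
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUP_URIS = {ALL_USERS, AUTHENTICATED_USERS}
BLOCK_ALL = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def principal_is_public(principal):
    """True when a statement's Principal matches anonymous callers:
    both `"Principal": "*"` and `"Principal": {"AWS": "*"}` are public."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def public_policy_statements(policy):
    """Allow statements with a public Principal and no Condition block.
    A Condition (aws:SourceVpce, aws:SourceIp, ...) may narrow the grant,
    so conditioned statements are left for manual review, not flagged."""
    if isinstance(policy, str):  # get-bucket-policy returns the document as a JSON string
        policy = json.loads(policy)
    hits = []
    for stmt in _as_list((policy or {}).get("Statement")):
        if stmt.get("Effect") != "Allow" or not principal_is_public(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue
        hits.append({"sid": stmt.get("Sid"), "actions": _as_list(stmt.get("Action"))})
    return hits


def public_acl_grants(acl):
    """ACL grants to the AllUsers or AuthenticatedUsers predefined groups."""
    hits = []
    for grant in (acl or {}).get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            hits.append({"group": grantee["URI"].rsplit("/", 1)[-1],
                         "permission": grant.get("Permission")})
    return hits


def audit_bucket(name, policy, acl, public_access_block):
    """Combine the three checks into one verdict. IgnorePublicAcls neutralises
    public ACL grants and RestrictPublicBuckets neutralises a public bucket
    policy, so a misconfigured policy or ACL behind a fully enabled Block
    Public Access setting is reported as suppressed rather than exposed."""
    pab = public_access_block or {}
    policy_hits = public_policy_statements(policy)
    acl_hits = public_acl_grants(acl)
    effective_policy = [] if pab.get("RestrictPublicBuckets") else policy_hits
    effective_acl = [] if pab.get("IgnorePublicAcls") else acl_hits
    return {
        "bucket": name,
        "exposed": bool(effective_policy or effective_acl),
        "public_policy_statements": effective_policy,
        "public_acl_grants": effective_acl,
        "suppressed_by_block_public_access": (len(policy_hits) - len(effective_policy)
                                              + len(acl_hits) - len(effective_acl)),
        "block_public_access_complete": all(pab.get(k) is True for k in BLOCK_ALL),
    }


# Constructed samples: a world-readable bucket policy plus a public-read ACL.
SAMPLE_BUCKET = "example-credit-applications"
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": [f"arn:aws:s3:::{SAMPLE_BUCKET}", f"arn:aws:s3:::{SAMPLE_BUCKET}/*"]},
        {"Sid": "VpcEndpointOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{SAMPLE_BUCKET}/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},  # placeholder id
    ],
}
SAMPLE_ACL = {
    "Owner": {"ID": "example-owner-canonical-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-canonical-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    ],
}
PAB_DISABLED = {k: False for k in BLOCK_ALL}
PAB_ENABLED = {k: True for k in BLOCK_ALL}

if __name__ == "__main__":
    for label, pab in (("Block Public Access off", PAB_DISABLED), ("Block Public Access on", PAB_ENABLED)):
        print(label, json.dumps(audit_bucket(SAMPLE_BUCKET, SAMPLE_POLICY, SAMPLE_ACL, pab), indent=2))
```

With Block Public Access disabled the sample bucket is flagged on both the `PublicRead` statement and the `AllUsers` READ grant; with it enabled both findings are reported as suppressed and the verdict flips to not exposed. The conditioned `VpcEndpointOnly` statement is deliberately not flagged, since an `aws:SourceVpce` condition can legitimately limit a wildcard principal; a real audit should still review such statements by hand. Feed the same functions the live documents from the `s3api` commands named above to run it against an account.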

Bambenek says there’s evidence that things are getting better.

“It’s taken a few years; however, we are making real strides in not only having default-secure settings, but for security tools to start detecting misconfigurations and malicious behavior in cloud environments,” he tells Dark Reading.
