Alleged Capital One Hacker Released From Prison
Paige Thompson Will Stay in Halfway House Until Her 2020 Trial
Alleged Capital One hacker Paige A. Thompson has been released from prison and will stay in a halfway house until her trial begins in early 2020, according to court documents.
As part of her release, Thompson agreed to not access a computer or the internet, and she must wear a GPS tracking device, according to the court documents. She also agreed to surrender her passport.
Thompson was not required to post bond money; she only had to agree to follow the rules set by a federal judge, according to court documents.
The FBI and U.S. Department of Justice charged Thompson in August with hacking into Capital One's IT network and stealing the personal information of 100 million U.S. individuals as well as 6 million in Canada.
Thompson, 33, has pleaded not guilty to federal charges of wire fraud and computer crime and abuse. In other recent court filings, FBI agents note that investigators are still sorting through between 20 and 30 terabytes of data that Thompson allegedly took and stored on servers in her Seattle-area home. Federal prosecutors believe that she may have accessed data at 30 other businesses and organizations over several months, and additional charges may follow (see: Capital One Hacking Trial Delay Likely).
If convicted on both counts, Thompson faces a maximum of 25 years in federal prison.
Defense Attorneys Fight for Release
FBI agents first arrested Thompson on July 29 at her home and confiscated computer equipment and other evidence of her alleged hacking activity at that time. Since then, she had been held in federal custody.
Over the last several months, however, her defense attorneys have filed documents with the federal court arguing that Thompson is not a danger to herself or society and that she should be released until the start of her trial, which was originally slated for November but has been pushed until 2020 due to the large amounts of evidence involved, according to court papers.
In addition, Thompson’s lawyers argued that as a transgender woman, Thompson's detention in an all-men facility could lead to abuse, court records show.
Federal prosecutors had objected to Thompson's release, claiming she was a flight risk. On Monday, however, U.S. District Judge Robert Lasnik, who is overseeing the case, agreed with the defense and ordered Thompson's release as long as she follows a list of conditions.
That list included requirements that Paige will not access any PDAs, gaming systems, internet-enabled TV, public WiFi or mobile internet systems, according to the court documents.
Brian Klein, one of Thompson's defense attorneys, took to Twitter after the judge's order was announced.
Just left federal court in Seattle, where we were successful in getting Paige Thompson released pending trial (over the strenuous objections of the prosecutors).
— Brian Klein (@brianeklein) November 4, 2019
Federal prosecutors did not respond to a request for additional comment.
Hacking Capital One
Sometime between March and July, Thompson allegedly took advantage of a misconfigured firewall within Capital One's network and then gained access to several years' worth of credit card data stored within the company's cloud storage system, according to the federal indictment.
To bypass security within the organizations she targeted, Thompson allegedly created tools to scan servers hosted by a cloud computing company, according to the indictment. She looked for misconfigured web application firewalls that would allow her to send commands from outside the networks to access the data stored within the networks, prosecutors allege.
Although the cloud provider involved is not specified in the indictment, Capital One has previously stated that it uses Amazon Web Services for its cloud infrastructure and that it also uses the company's Simple Cloud Storage Service, or Amazon S3, to store its data. Thompson briefly worked at AWS, according to news reports.
In October, several Democratic lawmakers asked the U.S. Federal Trade Commission to open an investigation into whether Amazon violated federal law by failing to prevent the Capital One breach (see: Senators Push for FTC Probe Into Amazon Over Capital One).