Capital One Hacking Trial Delay Likely
Prosecutors, Defense Attorneys Ask Judge for Delay, Citing Massive Amounts of Data to Review
Defense and prosecution attorneys are asking for a delay in the trial of alleged Capital One hacker Paige A. Thompson, citing the overwhelming amount of digital evidence in the case and the ongoing forensics investigation. Prosecutors also expect to file additional charges.
On Tuesday, the attorneys filed a motion for a continuance, seeking to delay the trial until at least March or April of 2020; the trial had been slated to begin Nov. 4.
FBI agents are still sorting through between 20 and 30 terabytes of data that Thompson allegedly stole over the course of several months and stored in devices at her Seattle-area home, according to newly filed court documents.
Thompson, 33, has pleaded not guilty to federal charges of wire fraud and computer crime and abuse. She remains in federal custody (see: Alleged Capital One Hacker Pleads Not Guilty).
If convicted on both counts, Thompson faces a maximum of 25 years in federal prison.
"The government has indicated that it expects to add additional charges in this case, as forensic investigation continues and additional computer entities it believes are victims are identified," according to the court documents.
FBI agents involved in the case noted in previous court documents that Thompson could have accessed data from about 30 businesses and organizations. Thompson also allegedly used her access to cloud computing resources to illegally mine for cryptocurrency (see: Paige Thompson Charged With Hacking 30 Organizations).
Massive Amount of Data
In the new motion submitted by prosecutors and the defense team on Tuesday, attorneys in the case called the amount of data "beyond the typical matter."
The Capital One data stolen, prosecutors say, included personal information on 100 million U.S. individuals as well as 6 million in Canada.
"This case involves an immense amount of electronic discovery, well beyond the typical matter," according to the motion filed by federal prosecutors this week. "Approximately 20-30 terabytes of electronic data currently are under review and being processed for inspection and/or production. Moreover, this case involves sensitive material, beyond the typical matter."
When the FBI first arrested Thompson on July 29 at her home, agents noted that they confiscated servers and other computer equipment. They said these devices contained "multiple terabytes of data." The new court documents offer additional details.
Investigators sorting the data found traces of "malware" within some files, the new court documents from prosecutors state. Because the data includes large amounts of sensitive personally identifiable information, the investigation is proving to be time-consuming, the documents note.
The forensic investigation of the data, so far, has also turned up "internal and proprietary company records," prosecutors write in their documents.
Reasons for Delay
Federal prosecutors and the defense team note in the court papers that all the evidence must be turned over to Thompson's defense team as part of the legal discovery process to ensure a fair trial – another reason to delay the trial from November until next year.
Federal prosecutors also say they need additional time to prepare to present testimony from witnesses, experts and alleged hacking victims.
"A trial in this case likely would span multiple weeks and include testimony from many … witnesses and hundreds of exhibits," according to the documents. "The United States anticipates the prosecution evidence would include dozens of representatives of companies alleged to be victims, many from overseas, and expert testimony regarding multiple topics, including forensic analyses of computer and other electronic evidence, and malware and computer scripts, among other things. After reviewing discovery and conducting its own investigation, the defense likewise may present similar evidence at a trial."
Capital One Hack
Sometime between March and July, Thompson allegedly took advantage of a misconfigured firewall within Capital One's network and then gained access to several years' worth of credit card data stored within the company's cloud storage system, according to the federal indictment (see: Woman Arrested in Massive Capital One Data Breach).
To bypass security within the organizations she targeted, Thompson allegedly created tools to scan servers hosted by a cloud computing company, according to the indictment. She looked for misconfigured web application firewalls that would allow her to send commands from outside the network to access the data stored within the networks, prosecutors allege.
Although the cloud provider involved is not specified in the indictment, Capital One has previously stated that it uses Amazon Web Services for its cloud infrastructure and that it also uses the company's Simple Cloud Storage Service, or Amazon S3, to store its data. Thompson briefly worked at AWS, according to news reports (see: Capital One: Where Did the Bank Fail on Defense?).
FBI agents have alleged that Thompson tried to conceal her identity and location while stealing data by using a virtual private networking service called iPredator as well as using the anonymizing Tor network to access the cloud computing servers.