Clues to the alleged Capital One hacker’s crimes were all over the internet
The hacker who allegedly infiltrated Capital One to access personal information belonging to roughly 106 million people made it easy for the FBI to track her down: There were clues spread across a variety of popular websites.
Paige A. Thompson, a 33-year-old Seattle-based software engineer, bragged about taking data from Capital One’s Amazon Web Services instances on a private Slack channel and a public GitHub post from an account that displayed her full name. When another GitHub user noticed Thompson’s claims, they alerted Capital One, and it wasn’t long before the bureau was involved.
In one private message included in the complaint, Thompson allegedly told a friend via Slack, “I’ve basically strapped myself with a bomb vest, f—ing dropping Capital One dox and admitting it. I wanna distribute those buckets … There’s SSNs..with full name and [date of birth].”
Thompson’s GitHub page also linked to her GitLab profile, which included her resume, address and other contact information. Additionally, the GitHub profile had a list of IP addresses that were associated with a virtual private network known as IPredator. That list of IP addresses matched up with ones used to access Capital One’s cloud storage, the complaint alleges.
Much of her activity on GitHub appeared to be focused on Netcrave, a web hosting company Thompson has operated since 1999, according to her resume. One GitHub post about Netcrave servers included code apparently meant to automate processes with the open-source container-orchestration system Kubernetes. Another contained a bot meant to help Netcrave administrators chat on Slack or via internet relay chat.
Thompson now faces a five-year prison sentence and a fine of up to $250,000 if convicted.