How Paige Thompson Hacked the Capital One Firewall
The 2019 Capital One hack was committed by a transgender person going by the name Paige Thompson. Paige essentially committed the hack and bragged about it on social media in order get attention from others. This crime could be labeled a cry for help, as Paige was suffering from mental health issues as well. Paige was being held in the men’s detention center prior to trial but was released on grounds that the judge feared the defendant might self-harm himself due to inadequate mental health treatment in the facility (Stone, 2019). The trial for Paige is currently set for November 4th, 2020 (US Department of Justice, 2020).
While the actor’s motives and objectives have not been argued in the court of law, they can be fairly accurately surmised from news articles on the case. Thompson had worked for Amazon Web Services, which hosted the data for Capital One. Thompson exploited a misconfigured firewall on the servers and in doing so was able to obtain privilege escalation (Krebs, 2019). He did this by creating a program that would scan the web applications of all clients of AWS, searching in particular for that specific firewall misconfiguration. Once it was found for Capital One, Paige then set about downloading reams of data. All in all, approximately 100 million customers of Capital One had their data compromised by the hack. The only reason the hack was known about, however, was because the hacker posted his doings on GitHub, the programmer code-sharing social media site. Thompson obviously wanted to win the attention of other programmers, coders and hackers. But when a user on GitHub contacted Capital One about the possibility of a hack, based on the information posted by Thompson, Capital One reached out to the FBI. The FBI then traced the postings on GitHub back to Paige Thompson and an arrest was made (Krebs, 2019).
Based on that information, it is apparent that Thompson knew about the misconfigured firewall from time spent at AWS, and he used that knowledge to exploit the firewalls of clients and gain access to their data. That Thompson never actually used the information in a ransomware attack or to hold data hostage...
Considering Thompson’s other unusual posts and
gender dysphoria, it is likely that this was a cry for help.
Thompson used knowledge from working at AWS to attack the systems of AWS, which is an ethics violation first of all. Thompson then wrote a script to scan the web applications. Though this is normal operating procedure for hackers, it is not something that most people would do unless they had criminal intent. Normally, however, hackers do this to gain financially. Thompson did not, which raises the likelihood of this being a mental health issue more than a criminal justice issue. While his strategy was successful because he had insider knowledge on AWS programming, his actions are what led to his being caught by federal agents. The need to show off and boast about what he had done led the authorities right to him. Typically, hackers try to remain anonymous...…health issues used programming to vent his frustration and draw attention for himself in what was a cry for help. The data was not used for exploitative purposes. The system configuration flaw was addressed and it overall highlights the need for companies to conduct better security reviews of their digital systems. Capital One has been sued, however, by the same company that went after Yahoo! and Equifax after their respective data breaches. As Equifax settled out of court with for $700 million and Yahoo! for $117 million, it is likely that Capital One would also settle for an amount somewhere between those two, based on the number of people impacted (Dellinger, 2019). Thus, the reality is that hacks of this nature may seem like no big concern but they can be immensely costly down the line. Thus, it is worth investing in security risk mitigation protocols.
In conclusion, the 2019 hacking of Capital One was an isolated incident in which a disgruntled programmer from AWS was seeking attention as a way to deal with mental health issues. Capital One was not targeted specifically; it was simply the company found to have an exploitable firewall weakness after Thompson wrote a script to scan AWS client web applications or a way in. The weakness could have been prevented had it been known about by Capital One’s data security team, but there was clearly a disconnect between the reality of the firewall and the team’s understanding. This is why communication between hosting providers like AWS and its clients’ security teams is important and should be conducted with more frequency.
References
Dellinger,…
