Seattle – A 36-year-old former Seattle tech worker was convicted today in U.S. District Court in Seattle of seven federal felonies related to her scheme to hack into computer data storage accounts in the cloud and to steal data and computing power for its own benefit, the United States has announced. Attorney Nick Brown. Paige A. Thompson aka “erratic” was arrested in July 2019, after Capital One alerted the FBI to Thompson’s hacking activity. The jury deliberated for ten hours after the seven-day jury trial. Thompson is scheduled to be sentenced by U.S. District Judge Robert S. Lasnik on September 15, 2022.
“Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people and hijacked computer servers to mine cryptocurrency,” U.S. Attorney Nick Brown said. ethical hacker trying to help companies with their IT security, she exploited errors to steal valuable data and sought to enrich herself.”
Thompson was convicted of wire fraud, five counts of unauthorized access to a protected computer, and damaging a protected computer. The jury found her not guilty of access device fraud and aggravated impersonation.
Using Thompson’s own words in texts and online chats, prosecutors showed how Thompson used a tool she built to scan Amazon Web Services accounts to look for misconfigured accounts. She then used these misconfigured accounts to hack into and download the data of more than 30 entities, including Capital One bank. With some of her access illegal, she installed cryptocurrency mining software on new servers, with mining revenue going to her online wallet. Thompson spent hundreds of hours advancing his scheme and bragged about his illegal conduct to others via text messages or online forums.
“She wanted data, she wanted money, and she wanted to brag,” Assistant United States Attorney Andrew Friedman said in closing arguments.
The intrusion into Capital One’s accounts affected more than 100 million US customers. The company was fined $80 million and settled its customer lawsuits for $190 million.
Wire fraud is punishable by up to 20 years in prison. Illegal access to a protected computer and damage to a protected computer is punishable by up to five years in prison. The ultimate sentence rests with Judge Lasnik who will consider sentencing guidelines and other statutory factors.
The case was investigated by the FBI Seattle Cyber Task Force. The case is being prosecuted by Assistant United States Attorneys Andrew Friedman, Jessica Manca, Tania Culbertson and Steven Masada.