Capital One hacker Paige Thompson pleads not guilty on all counts
Thompson is accused of compromising data on 106 million Capital One customers in the US and Canada
The alleged Capital One hacker Paige Thompson has pleaded not guilty to all charges on her first appearance in court.
Appearing at the Western District of Washington federal court late last week, Thompson pleaded not guilty to charges that included wire fraud, and computer fraud and abuse. She could be sentenced to up to 25 years in prison if convicted. A full trial is now scheduled to start on Monday 4th November.
Thompson is accused of compromising Capital One's internal systems, hosted on the Amazon cloud, taking advantage of a poorly secured firewall to gain access earlier this year. Thompson is also accused of using a similar method to gain access to more than 30 other organisations, including companies across the US, public sector organisations and a major telecoms company outside the US.
The alleged hacker worked for Amazon Web Services (AWS) in 2015 and 2016, but latterly hadn't been working at all, according to her flatmates. According to the indictment released in August, Thompson had been using her server access - at least for Capital One - to mine cryptocurrency. While she had downloaded sensitive customer data, there is no evidence that she leaked it or sought to profit from it.
However, the indictment claims that she was uncovered after boasting online via her GitHub account of having downloaded the data from Capital One. The GitHub user with whom she was corresponding alerted Capital one, which discovered that there had, indeed, been an intrusion. Capital One, in turn, contacted the FBI.
The FBI was able to establish a straightforward link between her GitHub account and her hacking activity was made because she used the same VPN for both, the indictment suggests. "Investigators have found no evidence that Thompson sold or disseminated any of the information she accessed," it added.