Seattle, Washington, US – A troubled man who once worked for Amazon Web Services as a software engineer has been arrested and charged with computer fraud and abuse after federal authorities accused him of exploiting a misconfigured firewall to pull off one of the largest bank hacks in history. Law enforcement said the suspect, who resided in a home containing an arsenal of weapons, had also threatened to “shoot up” a California social media company.
Paige Adele Thompson, a 33-year-old man who identifies himself online as a “transgender woman,” allegedly bragged in June on social media website Slack under the username Erratic, that he had executed a hack of Capital One.
On his Twitter account, he used descriptive language to suggest that the hack was a suicide mission, and indicated that his plan was to distribute the stolen data: “I’ve basically strapped myself with a bomb vest, f—–g dropping capitol ones dox and admitting it…I wanna distribute those buckets i think first.”
Mr Thompson is accused of making the stolen files publicly available on his GitHub page under his “Netcrave” handle. Special agent Joel Martini of the Federal Bureau of Investigation’s (FBI) Seattle Field Office Cyber Squad unit stated in an affidavit that it was a white-hat hacker who initially alerted Capital One about Mr Thompson, emailing the financial corporation on July 17 a link to the GitHub page where the data had been uploaded. The name Mr Thompson’s resume and the name Paige A Thompson were in the GitHub account.
The FBI was able to track Mr Thompson to his home in the Kenwood neighborhood of Seattle on July 19. Mr Thompson had euthanized his pet cat, and in the midst of his sorrow, had posted a veterinarian letter that displayed his home address.
Ten days later, the FBI executed a search warrant of the suspect’s home, and confiscated numerous digital devices from his bedroom. The mountain of evidence against the suspect is said to include files that reference Capital One and other institutions the FBI believes Mr Thompson has targeted or planned to target, and connects devices to the “Erratic” handle.
The FBI found in the bedroom of Mr Thompson’s housemate, convicted felon Park Hung Quan, an arsenal of “largely unsecured and accessible” weaponry, including “several assault rifles, a sniper rifle, and hand guns.” Illegal bump stocks that enable a shooter to fire a semi-automatic rifle like a machine gun, ammunition and “inert replica grenades” were also discovered in the home by the FBI. “Some of the guns were loaded, including one with a high capacity magazine. Further, some of the guns appears to be illegal firearms,” the FBI attested. Despite the fact that Mr Thompson “had threatened to ‘shoot up’ the office of a California social media company” and was the subject of numerous restraining orders, the arsenal was “largely unsecured and accessible to [Quan’s] housemates,” the papers state. Mr Quan, who was once investigated for a “contract murder plot,” was arrested on the day of the raid.
The Capital One data breach affects approximately 106 million people – 100 million in the US and six million in Canada. All existing customers, previous customers, and everyone who has ever applied for a Capital One card are at risk. The data includes 140,000 Social Security numbers and 80,000 bank account numbers, as well as credit histories, names and addresses.
If convicted of the charges, Mr Thompson faces up to five years in prison and a $250,000 fine.
The accused hacker, who changed his name from Trevor Allen Thompson in 2009, was an employee of Amazon’s cloud division between 2015 and 2016. As a client of Amazon Web Services, much of Capital One’s IT infrastructure is dependent on Amazon’s cloud computing services platform.
Mr Thompson’s resume shows he has been unemployed since leaving Amazon in 2016. The community college dropout had frequently lamented online about his difficulty in forming friendships, and had repeatedly expressed a desire to commit physician-assisted suicide in Denmark.
The man, who was born in Tuvalu, an island in the Pacific, claimed on Twitter to be residing illegally in the United States. He tagged the Seattle Police Department and Donald Trump in tweets that read: “I would like to make good on the deportation initiative and surrender myself to detainment and deportation. I am in this country illegally, I just want to get this over with. What should I do?” and “I am unable to physically relocate back to where I came from, is there a line to get in perhaps I could catch a flight out with some other folks who are going back?”
Gender critical feminists took to social media spaces like Reddit to voice their complaints about Mr Thompson being identified simply as a “woman” or “female” in nearly all media reports of the incident. They believe the practice has the result of artificially inflating women’s crime rates as an increasing number of male criminals legally identify as women. Women compose approximately 6% of the prison population of the United States.
UPDATED: 12:18 AM Friday, August 9, 2019 UTC: Threats of shooting and discovery of arsenal added.
Read more on this story
Capital One hacker suspect threatened to ‘shoot up’ tech company and had access to assault rifles
The suspected Capital One hacker threatened to “shoot up” a California social media company and was living in a house-turned-arsenal with a convicted felon who had once been arrested for being part of a “contract murder plot,” federal court papers in Seattle revealed.
Capital One Hacking Suspect Showed Strange Online Behavior
Wall Street Journal
The 33-year-old woman accused of executing one of the largest-ever data thefts at a bank showed strange behavior online in recent months, at times bragging about her exploits and discussing deep struggles in her personal life.
Who is alleged Capital One hacker Paige Thompson?
New York Post
Capital One hacking suspect Paige Thompson presented herself on social media as a cat-loving software engineer, who found it hard to make friends and was open about her struggles as a transgender woman.
United States District Court for the Western District of Washington at Seattle
The United States Department of Justice
Before, the Honorable Mary Alice Theiler, United States Magistrate Judge, United States Courthouse, 700 Steward Street, Seattle, Washington.
Capital One Data Theft Impacts 106M People
Krebs On Security
Federal prosecutors this week charged a Seattle woman with stealing data from more than 100 million credit applications made with Capital One Financial Corp.