Advertisement

Accused Capital One hacker had as much as 30 terabytes of stolen data, feds say

Prosecutors say Paige Thompson is a “serious flight risk” in part because of the amount of evidence against her. The judge in the case says he might consider releasing her from detainment, though.
Paige Thompson, capital one breach
It’s a significant ruling which effectively affords the attorneys suing Capital One with a breakdown of which bank behaviors were successful, and which failed. (Getty)

Investigators probing the Capital One data breach say they have between 20 and 30 terabytes of data in their possession as they prepare for trial against the alleged hacker, Paige Thompson, according to court documents obtained by CyberScoop.

The government now is parsing through millions of individual files, prosecutors said, as well as a spreadsheet agents say they found recently on Thompson’s computer, which contains aggregated information apparently stolen from Capital One.

“[B]asically, each line is one credit card applicant and information about that person,” Assistant U.S. Attorney Andrew Friedman told a federal court during a detention hearing Oct. 4. “Some of it is coded information that means nothing to us, like what particular offer they received; some of it … is the names and dates of birth and the last four digits of Social Security numbers and things like that. … It’s hard to know exactly what this is.”

Friedman argued to the U.S. District Court for the Western District of Washington that Thompson, a former software engineer, is a “serious flight risk” in part because of the amount of evidence against her. U.S. District Judge Robert Lasnik has not yet ruled on the defense’s request for Thompson to be released from federal detention to a halfway house as she awaits trial.

Advertisement

Beyond the Capital One case, Thompson is charged with accessing information about more than 30 other organizations in and outside of the U.S. by using custom scanning software that searched for misconfigured firewalls meant to protect corporate information stored in the cloud. While the Department of Justice has not identified specific victims, researchers have suggested other targets included Vodafone, Ohio’s Department of Transportation and Michigan State University. The breaches involve information about more than 100 million people.

Thompson, a former Amazon employee, pleaded not guilty after she was arrested in July. Prosecutors have argued she should remain behind bars until her trial, now scheduled for March 2020.

In the Oct. 4 hearing, Lasnik sought details from defense attorney Mohammad Hamoudi about how long Thompson would live in a halfway house, where she might move after and how she would make money.

Hamoudi also has said Thompson, who is transgender, would would have more reliable access to health care providers to help her work through what prior court documents described as a “significant history” of mental health issues. That argument seemed to resonate with Lasnik.

“It’s not easy to be a transgender person under the best of circumstances, and very few transgender people exist under the best of circumstances,” the judge said. “I’m very concerned that the Bureau of Prisons wouldn’t allow her mental health treatment provider in and that they say, well, we have our own people. But, you know, my experience with that has not always been very good, about — well, they’re general practitioners and they’re not specialists or anything like that.”

Advertisement

Lasnik went on to cite a case in Idaho in which a transgender inmate was housed in a men’s facility, despite transitioning to become a woman, and resorted to self-harm after authorities there ignored the inmate’s concerns.

Later in the hearing the judge took the unusual step of addressing Thompson directly to assuage her that he is taking her safety seriously. At one point, Lasnik compared the treatment of transgendered people in the U.S. criminal justice system today to the way gay and lesbian Americans were treated decades ago, when Supreme Court justices “wrote some of the worst opinions about gay rights and sex[.]”

“I want you to know that I don’t look at you as any kind of freak or any kind of person who doesn’t deserve the full panoply of human rights that anyone sitting there does,” he said. “I see you as a person who has been accused of a serious crime … So I’m not prepared to release you today, but I’m seriously considering putting something together along the lines of what Mr. Hamoudi was talking about.”

A copy of the full court transcript is available below.

[documentcloud url=”http://www.documentcloud.org/documents/6473768-CyberScoop-USA-v-Paige-Thompson.html” responsive=true]

Advertisement

Greg Otto contributed reporting.

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

Latest Podcasts