Capital One informed law enforcement officials, and Ms. A month later, the woman contacted Capital One and told the bank about the breach. Thompson turn herself in to the authorities, prosecutors said. Thompson said in copies of the online chat that were included in court records, referring to her plan to publicly release the data and expose herself. “I’ve basically strapped myself with a bomb vest,” Ms. Thompson added she had considered sharing the data with a scammer, and said she would publicly reveal her involvement in the breach. Thompson sent online messages to a woman and disclosed what she had found, legal filings said. #Capital one phone number downloadBy March, she had discovered a vulnerability that allowed her to download data from Capital One, the prosecutor added. “Thompson scanned tens of millions of AWS customers looking for vulnerabilities,” Mr. Thompson searched for its customers who had not properly set up firewalls to protect their data. In early 2019, several years after she stopped working for Amazon Web Services, Ms. Just as Amazon stores millions of physical goods in a dizzying array of warehouses, Amazon Web Services hosts vast amounts of data for other companies that rent space on its servers. Thompson occasionally struggled with her mental health and at times felt alienated from her peers in the tech industry, who she worried did not accept her transition, she wrote on social media and a personal blog. In 2015, she secured a job at Amazon Web Services, the cloud computing wing of the online retail giant, and worked there for a little over a year. #Capital one phone number softwareThompson was already working in a series of software development jobs. She dropped out of high school and made plans to move to Seattle, where she would eventually join a thriving community of technologists and begin a gender transition. Thompson grew up in Arkansas, where she struggled to fit in but excelled with computers, according to court records. But downloading thousands of files and setting up a cryptocurrency mining operation were “intentionally malicious actions that do not happen in the course of testing security,” Mr. It is not uncommon for security researchers to test vulnerabilities they discover, making sure that they result in flaws that expose data, before reporting the problems to companies so they can be fixed. “Legitimate people will push a door open if it looks ajar,” said Chester Wisniewski, a principal research scientist at Sophos, a cybersecurity firm. Thompson had ventured too far into Capital One’s systems to be considered a white-hat hacker. “She was motivated both to make money and to gain notoriety in the hacking community and beyond.” attorney for the Western District of Washington, wrote in a legal filing. “Even if her actions could be broadly characterized as ‘research,’ she did not act in good faith,” Nicholas W. Instead, she chatted with friends online about how she might be able to profit from the breach, according to legal filings. Thompson had no interest in helping Capital One plug the holes in its security and that she cannot be considered a “white hat” hacker. The Justice Department has argued that Ms. The law “doesn’t give a lot of visibility to people on what could get you in trouble and what couldn’t get you in trouble,” Mr. “They are interpreting a statute so broadly that it captures conduct that is innocent and as a society we should be supporting, which is security researchers going out on the internet and trying to make it safer,” said Brian Klein, a lawyer for Ms. Thompson’s discovery of flaws in Capital One’s data storage system reflected the same practices used by legitimate security researchers and should not be considered criminal activity. Thompson had planned to use the information she gathered for identity theft, and had taken advantage of her access to corporate servers in a scheme to mine cryptocurrency. #Capital one phone number trialThompson’s trial will raise questions about how far security researchers can go in their pursuit of cybersecurity flaws before their actions break the law. Last month, the Justice Department told prosecutors that they should no longer use the law to pursue hackers who engaged in “good-faith security research.” And in April, a federal appeals court ruled that automated data collection from websites, known as web scraping, did not violate the law. The Supreme Court narrowed the scope of the law last year, ruling that it could not be used to prosecute people who had legitimate access to data but exploited their access improperly. In recent years, courts have begun to agree. Stacey BrownsteinĬritics of the computer fraud law have argued that it is too broad and allows for prosecutions against people who discover vulnerabilities in online systems or break digital agreements in benign ways, like using a pseudonym on a social media site that requires users to go by their real names.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |