Capital One Data Breach - What You Need to Know
Jul 30, 2019
Written by Bernard Mott, Instructor Supervisor, MCT, MCITP, MCTS, MCSE, CCNA, CWNA, CTT, CTP, CEH, A+, CASP, CISSP, CISM, Network+, Security+, Linux LPI
"Yesterday, Capital One and the FBI announced a massive data breach on Capital One’s banking system. Over 100 million accounts had information compromised in the intrusion. The hacker was arrested in Seattle.
The following article, https://heavy.com/news/2019/07/paige-adele-thompson/ describes the attack and includes the actual indictment filed against the hacker, Paige Thompson. The indictment contains the process that the FBI forensic investigator used and the evidence that was collected during the investigation. It’s a fascinating read, even with all the legal jargon. I will definitely add this as a case study in the CEH class.
For those of you who don’t want to read the whole thing, here are the highlights.
1. Paige Thompson was an Amazon Web Services engineer who allegedly planted 3 hacking apps in the Capital One servers hosted in the AWS cloud. (AWS is similar to Microsoft Azure.)
2. The information she allegedly extracted from the servers was placed on a public website called GitHub. The same GitHub site that we use to get our Microsoft courseware updates and programming class code.
3. She allegedly used a misconfigured firewall on Cap One’s site to plant the hacking applications on the server.
4. An anonymous GitHub “ethical hacker” discovered the information on the site and notified Cap One, who then contacted the FBI. I suspect that Cap One was unaware that they had been compromised.
5. She allegedly used internet proxy and VPN software (TOR and IPredator) to hide her IP address.
6. The reason she was caught is that she posted the information in her own account on GitHub. The URL was www.github.com/.../PaigeThompson.... (I put the dots so you guys wouldn’t try to go there and steal my credit card info.)
7. Also, just to help the FBI a little more, she had uploaded her RESUME to the GitHub site!!
Lessons learned and steps you can take:
1. If you have a Capital One account, I recommend that you change your password immediately.
2. Check Capital One’s website for the latest information on the hack.
3. Get credit monitoring to ensure that no one is trying to use your info.
4. Don’t put your resume in the same location as the data you’ve stolen."