The woman arrested for allegedly stealing data from Capital One and over 30 other organizations has also been accused of crypto-jacking, in a new indictment filed on Wednesday.
Paige Thompson, 33, was charged with wire fraud and computer fraud and abuse related to the incidents, with each charge carrying a penalty of up to 25 years in prison.
The details of her alleged cyber-attack on Capital One, which resulted in a data breach affecting around 100 million customers and card applicants, are pretty well known. The former Amazon Web Services (AWS) employee is said to have used scanning software to identify AWS customers who had misconfigured their firewalls, before stealing sensitive data from their servers.
However, the indictment also alleges that Thompson used this computer access and stolen computing power to make money for herself by mining for cryptocurrency.
So-called crypto-jacking is an increasingly popular tactic among cyber-criminals for making money. It has even been used by North Korean state hackers to help amass a fund of $2bn for the country’s missile and nuclear programs, according to a recent UN report.
Last week, it was also revealed that several nuclear power plant workers in Ukraine were arrested after they tried to use the facility’s supercomputer to mine for digital currency.
Although investigators are still working to identify all of Thompson’s alleged victims, some were revealed in the new indictment.
They include a “state agency outside the State of Washington; a telecommunications conglomerate outside the United States; and a public research university outside the State of Washington.”
Law enforcers were first alerted to Thompson after she allegedly shared information with a fellow GitHub user related to a data theft at Capital One.