Alleged Capital One hacker barely bothered to hide

Latest News

Alleged Capital One hacker barely bothered to hide

By GENE JOHNSON and FRANK BAJAK Associated Press

August 01, 2019 05:50 AM

ORDER REPRINT

Vehicles are parked outside the home of Paige A. Thompson, who uses the online handle “erratic,” Wednesday, July 31, 2019, in Seattle. Thompson was taken into custody Monday at her home and has been charged with computer fraud and abuse in connection with hacking data from more than 100 million Capital One credit holders or applicants.


Ted S. Warren

AP Photo


SEATTLE

The 33-year-old former Amazon software engineer accused of hacking Capital One made little attempt to hide her attack. In fact, she effectively publicized it.

It’s one of many riddles swirling around Paige Thompson, who goes by the online handle “erratic.” Well-known in Seattle’s hacker community, Thompson has lived a life of tumult, with frequent job changes, reported estrangement from family and self-described emotional problems and drug use. 

FBI agents arrested Thompson Monday for allegedly obtaining personal information from more than 100 million Capital One credit applications, including roughly 140,000 Social Security numbers and 80,000 bank account numbers. There is no evidence the data was sold or distributed to others.

Thompson, in federal custody pending an Aug. 15 detention hearing, wasn’t reachable. Her public defender, Mohammad Hamoudi, did not return an emailed request for comment.

Unlimited Digital Access: Only $0.99 For Your First Month

Get full access to The Bellingham Herald content across all your devices.

SAVE NOW

But her online behavior suggested that she may have been preparing to get caught. More than six weeks before her Monday arrest, Thompson had discussed the Capital One hack online with friends in chats and in a group she created on the Slack messaging service.

Those chats and the recollections of others offer a sketch of someone talented and troubled, grappling with what friends and her own posts indicate was an especially bumpy crossroads in her life.

Friends and associates described Thompson as a skilled programmer and software architect whose career and behavior — oversharing in chat groups, frequent profanity, expressions of gender confusion and emotional ups and downs — mirror her online handle. 

“She had a habit of openly struggling with her state of mind in public channels,” said Aife Dunne, an online friend. “It’s where her screen name comes from.”

Prior to working for Amazon, Thompson held six jobs, each for less than a year, at organizations such as ATG Stores, Onvia Inc. and Zion Preparatory Academy. She joined Amazon in 2015 to work at Amazon Web Services, a division that hosted the Capital One data she allegedly accessed illegally beginning in March.

When Thompson departed that job in 2016, she lost her apartment and moved into a group home. FBI agents who searched that house after her arrest also detained the owner, a convicted felon, for illegal possession of firearms when they discovered roughly 20 guns, including assault rifles, on the property.

In a Wednesday court filing, federal authorities also accused Thompson of threatening to “shoot up” a California social media company.

Along the way, Thompson forged friendships online and impressed many with her programming talent. But she had also alienated many local hackers.

She dominated, sometimes monopolized chats on her favorite channel on Internet Relay Chat, a hacker mainstay, and in the Slack group she created. She was also active on Twitter. The Associated Press obtained access to the Slack group, which was deleted Tuesday, and to IRC messages dating back to February 2018.

Thompson openly discussed the hack with friends and associates on several of those channels beginning in mid-June. In April, she created the group “Seattle Warez Kiddies” on the site Meetup — the month after prosecutors say she began hacking Capital One.

Friends told the AP they didn’t believe she had carried out the Capital One hack with malicious intent or for profit.

These people said they believed the unemployed Thompson — destitute and, by her own account, grappling with serious depression — believed the hack could bring her attention, respect and a new job. 

“I think she wanted to release all of this responsibly but she didn’t know how to do it,” said Aleyna Vaughan, 36, a friend who said she has texted with Thompson nearly every day for the past two years.

While often endearing online, Thompson could also be alienating and even menacing. Members of Seattle’s “white hat” hacking community said Thompson had sometimes bombarded them with automated emails in what amounted to denial-of-service attacks.

Friends said Thompson was estranged from her mother, with whom she had moved from Arkansas as a child, and that her father had long been out of her life.

Sarah Stensberg said her husband, Kevin, met Thompson in a coding group for young people in the Seattle area and lived with her for a while. Thompson’s abusive behavior eventually led the couple to cut off contact in 2011, she said. Prior to that, they sometimes took Thompson to Seattle’s Harborview Medical Center for mental treatment.

“We’d get her into inpatient treatment, we’d visit her, and she’d seem to be doing well,” Stensberg said in an interview Tuesday. “Then she’d go off the deep end. We couldn’t deal with it anymore.”

Thompson repeatedly stalked and harassed them, the couple said, sending them multiple insulting and demeaning messages, until they moved to get away. Then, they allege, she used geolocation tracking from online postings to find their new home. Last fall, the couple obtained protection orders against Thompson, which the AP reviewed along with their petitions.

In the Slack group, Thompson wrote in late June that she was seeing a therapist at least twice a month.

“Never a moment in which my mind can just be free,” she typed, posting a photo of herself in new Armani sunglasses. After noting that she regretted her hacks and harassment of others, she wrote, “it f(asterisk)(asterisk)ing pisses me off, it pisses me off even more that im not in jail.”

Her Twitter feed also reflected struggles.

“I’m going to go check into the mental hospital for an indefinite amount of time,” she wrote in a public tweet on July 4. “I have a whole list of things that will ensure my involuntary confinement from the world. The kind that they can’t ignore or brush off onto the crisis clinic. I’m never coming back.”

Thompson, who said in chats that she had been transitioning to a woman since age 22 with hormone treatment, wrote on the Slack group that her gender transition might have contributed to her mental anguish. She often discussed her use of legal and illegal drugs online.

The subject of suicide also arose frequently.

“Ive tried to kill myself a few times,” Thompson wrote on IRC on April 19, 2018. “I cant do it.”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.