Alleged Capital One hacker may have hit other targets

Posted at 8:14 AM, Jul 31, 2019

The Justice Department may bring additional hacking charges against Paige Thompson, the former engineer accused of downloading more than 100 million Capital One customers' personal information.

"The investigation is ongoing and additional charges are a possibility," Emily Langlie, communications director for the US Attorney's Office for the Western District of Washington, told CNN by email.

Thompson, 33, allegedly hacked Capital One, posted the tools she used to do so to Github, and talked about it with friends online, according to a complaint against her filed Monday.

The complaint also references a Slack channel and says she posted there under the name "erratic." While the complaint partially redacts the channel's name, it does quote from it. The channel, called netcrave, was deleted early Tuesday afternoon, but CNN was able to view erratic's posts on it hours before.

While the indictment lists the channel only as "Net*****," CNN was able to confirm the full name of "netcrave" by comparing quotes listed in the indictment with those that were live in the netcrave channel.

In one Slack conversation on June 27, erratic pasted a long list of compressed filenames and their sizes, indicating they were caches of hacked files. Many were listed as being dozens of gigabytes, indicating a huge mass of files.

Not all of the filenames in the list made it obvious from where they were supposedly hacked, but erratic discussed some of them in the Slack. One of the files, which was listed at 28 GB of data, was "capitol one," erratic wrote later in the chat. Another site erratic listed as being the " dept of transportation." Erratic also mentioned the British telecommunications company Vodafone, California IT company Infoblox, Ford, and Michigan State University.

Erratic listed only filenames in the Slack channel, and not files themselves.

All five of those organizations, reached for comment, said that they were looking into the matter, but none said that they had been hacked.

"Infoblox is continuing to investigate the matter, but at this time there is no indication that Infoblox was in any way involved with the reported Capital One breach," Infoblox spokesperson Erica Coleman told CNN. "Additionally we have not been contacted by the FBI however if contacted we fully intend to cooperate with law enforcement."

"This was brought to our attention this morning and we have since then reached out to the FBI and are working with them to determine if there has been any access to ODOT data systems," said Erica Hawkins, a spokeswoman for the Ohio Division of Transportation.

"We are investigating to determine even if Ford's information is involved," Ford spokeswoman Monique Brentley told CNN.

"We take security very seriously," said Vodafone spokesman Adam Liversage. "Vodafone is not aware of any information that relates to the Capital One security breach."

"MSU receives hundreds of threats and attacks each day on our system," Michigan State spokeswoman Emily Guerrant said in an email. "We investigate and fend these off daily, and it's hard to know if one of them recently was alleged hacker from the Capital One situation. I did flag the slack channel posting and our team is looking into it, but even that wasn't much for them to go on."

A lawyer for Thompson did not immediately respond to a request for comment.