
Paige Thompson, Capital One Hacking Suspect, Left a Trail Online - eastbayjake
https://www.nytimes.com/2019/07/30/business/paige-thompson-capital-one-hack.html
======
Freedomfyter808
Check out #freeshane on Twitter or fb. Been getting turned into gibberish or
blocked. I know the mastermind is almost blind so screenshots work tho they
even used my own cousin against me

She was only transwoman allowed in the ZCLUB per mgt. She got drugged and used
as scapegoat. I woke up in Swedish Edmonds. Idiots let me go once they
realized my comps were at my hotel. I screamed I'm gonnna be pissed if I miss
my hotel brunch. It was 2a not afternoon. Claim I assaulted 4 shorelines PD.
Never hit anyone in my life. I lack fight or flight, no stimuli hence was
great at piecing this together and my partner and I dodged a ton of traps
ourself. Palantir is here folks and it starts with the gays for monied daddies

Frightenly involves my partner who went Mia from his probation in a coerced
LEAD program participant by his "daddy landlord who encouraged employement at
z though it would expose to drugs. Conviently probation revoked and a month in
Valentines got my first STD because we were being sober, but he was too tired
to entertain zClub's "John" James Booth of barebackrts video and hookup
Discovered too much underground for me tho porn stars were a thrill, but tech
is here folks i am lucky I have money and funding but others are very
verenable like Paige and my partner Shane. I've seen 1999 citations close in
2009. It's the poor being rats to each other for the rich's vigilante. Hope to
hear her out, bc when I talk to my partner he has a hard time too--we all have
antibiotic allergy that seizures and we forget. They tried to in Swedish, but
i was not a product of Seattle "LEAD" program where they force you an
intensive CDAT to find your deep lvl 3 panic triggers, conveniently paid by
the LEAD fundraisers. See #freeshane Twitter fb is showing blocked by DOS

------
benrrio
Krebs has a good write up on this [1]. The part I found most interesting is
there appears to be a couple dozen companies compromised by Paige, Cap One is
the only one I have seen in the news.

1: [https://krebsonsecurity.com/2019/07/capital-one-data-
theft-i...](https://krebsonsecurity.com/2019/07/capital-one-data-theft-
impacts-106m-people/)

------
hprotagonist
A fine example of why the push for encryption backdoors is wrong-footed: we
can reliably trust people to be idiots online, regardless of intent or skill
level.

good opsec is hard; middling opsec is reasonably easy; "not bragging about
your mad sploits on twitter" is nothing we can trust humans to reasonably do,
apparently!

~~~
tareqak
I agree: there is no such thing as "the perfect crime" and the use of end-to-
end encryption does not make it so. What there is a however is a lack of good,
old-fashioned police-work in criminal cases where the police run up against
end-to-end encryption.

------
danso
I was confused by this line in the affidavit (page 9):

> _An April 19, 2019, post in the Github account of "paige•••••thompson"
> includes a "Server List" of IP addresses associated with the account._

What Github "post" could this be referring to? A README.md/issue/comment in
which she for some reason posted the IP addresses she uses with that account?

[https://www.justice.gov/usao-wdwa/press-
release/file/1188626...](https://www.justice.gov/usao-wdwa/press-
release/file/1188626/download)

~~~
amyjess
The first thing that comes to mind is a gist.

~~~
bin0
Correct. Some gists were still up yesterday when I looked (her github was
down, though), and it seems she had a habit of posting logs of stuff, text
snippets, etc. there.

------
kgwgk
“Honestly if I were president I would give her an immediate pardon. Either she
is innocent and is being rather unsubtly framed, or she is guilty and no
punishment can compare to the embarrassment of being caught like this:
[https://www.bloomberg.com/news/articles/2019-07-30/tipster-s...](https://www.bloomberg.com/news/articles/2019-07-30/tipster-
s-email-led-to-arrest-in-massive-capital-one-data-breach)

[https://www.bloomberg.com/opinion/articles/2019-07-30/beyond...](https://www.bloomberg.com/opinion/articles/2019-07-30/beyond-
meat-comes-back-for-seconds)

------
strikelaserclaw
It seems like she had mental problems. Hopefully she gets help instead of the
gov't seeking retribution.

------
ishtanbul
its like she wanted to get caught

------
drenvuk
So this guy is a crazy braggart. This isn't the first time this has happened.
Some other guy was taunting the FBI and left metadata in one of his images
when he posted to Twitter.

It's best to not be loud in the first place.

~~~
Nicksil
> So this guy is a crazy braggart.

Clearly not a guy

~~~
bin0
Guy can be used in a gender-neutral sense, though it's not really good
grammar. Most romance languages use male for a collective group; people often
replicate this in English (though not always, as not all our words for groups
carry gender). Some people then extend this back to the singular, i.e. "hey
(many) guys" -> "hey (one) guy".

Edit: Down-votes care to comment why?

~~~
neonate
Plural 'guys' is increasingly gender neutral but that hasn't extended to the
singular 'guy' at all.

------
Overtonwindow
I don’t understand why he would brag about it online. Isn’t that just asking
to be caught??

~~~
hestipod
Don't underestimate the power of ego. For most people it's their most powerful
driving force. I cannot speak to her motivations. There is more than one
plausible reason someone would expose themselves IF she in fact did and wasn't
set up. But people "own" themselves all the time despite how intuitively
ridiculous it sounds from the armchair.

~~~
shrimp_emoji
Is it not meant damnable in us to be trumpeters of our unlawful intents?

------
toofy
I used to feel what you likely feel about paying for news—why would i pay for
this when some other site will have it up for free or with ads, capitalism at
work, competition driving the price down to reasonable levels, etc...

Then I realized after seeing what has happened as the masses all came online,
while many of us here can probably distinguish between a reliable news source
and a hack site or a propaganda outlet—a disturbingly large segment of the
population can not.

And to make matters worse, there seems to be a huge number of people who don’t
realize they don’t have what it takes to do reliable research to write a story
and they don’t have what it takes to understand nuanced subjects in order to
explain the subject to readers. Or even worse, they fully realize how ill-
equipped they are but don’t care because vulnerable people will still click
their ads.

Long story short, I now have just short of 20 subscriptions. Including a few
that I rarely read but to me it’s worth it. The collective We really need to
increase the signal levels in order to hear over the noise.

Journalism is definitely one of those cases where The Market can easily lead
to a race to the bottom situation. Hopefully we’ll see it correct and good
journalism will overtake trash, but wow what a rough spot.

~~~
cgriswald
In the context of HN, I don't think that solves the problem. What are the odds
that your 20 subscriptions and my 20 subscriptions will overlap? (To say
nothing about excluding people who can't afford 20 subscriptions.) In order to
have a meaningful discussion about a topic, we needn't necessarily have the
same subscriptions. But to have a meaningful discussion about the article, we
certainly both need access to the article.

Pay-per-article might make some sense, but every time I've seen that they've
charged more than I think it's worth. They generally want about a dollar, and
I'm thinking pennies. And, of course, I have to decide whether it's worth
purchasing _before_ I've read it; at which point it comes down to trusting the
publisher - and then maybe I should just get a subscription.

~~~
bin0
> What are the odds that your 20 subscriptions and my 20 subscriptions will
> overlap?

The odds that they will completely overlap are low. However, most people don't
have 20. Even those who do mostly read a number of prominent sources: nyt,
wapo, wsj are the big three for news these days. Most people subscribe to one,
maybe two and read that. This is arguably bad for competition and bad for
"indie journalism".

Also, I take issue with some of the points of view espoused by the nyt. Their
news content is fairly good (if biased), but my subscription would also go to
pay their editorial board. I don't want to purchase that news, because I don't
want to fund its production. I wish I could buy a news-only subscription: no
"lifestyle", no "fashion", no "editorial", etc. I don't want that stuff. Just
news.

------
whenchamenia
How are we getting past the NYT PayWall now?

~~~
danso
If you're on desktop, isn't it trivial enough to remove/reset cookies from the
nytimes.com domain?

------
bin0
Miss Thompson wins the Darwin Award for black hats. Seriously, she did a
horrible job. Clearly a supremely over-confident script kiddie who went around
talking about being such a 1337 h4x0r... until the cops showed up.

Serves her right, any way. You've got to be a pretty bad person to put the
information of that many people at risk.

------
dsr_
If we assume that Ms. Thompson is generally terrible at opsec, then presumably
she is also terrible at offensive security, which leads to one of two
conclusions:

Either:

A: She is being framed.

or

B: Capital One's security was (and probably still is) laughable.

She doesn't seem to be being framed. If Capital One's security is horrendous,
they are unlikely to be exceptional... so we will see much more of this.

~~~
izend
This tweet alone seems to indicate she definitely did it...

[https://twitter.com/0xA3A97B6C/status/1151901325598187521](https://twitter.com/0xA3A97B6C/status/1151901325598187521)

~~~
th3iedkid
Isn’t all of that anyway in AWS docs ? Would something like this stand as an
evidence to implicate her in US courts?

