This is quite interesting. A Cyberscoop article indicates that according to reports, Page Thompson, the woman who apparently broke in to the Capital One bucket and stole a bunch of data got too light of a sentence.
A federal appeals court overruled a district court judge’s sentence for Capital One hacker Paige Thompson this week, deciding that the sentence of five years’ probation plus time served was too lenient.
For stealing a bunch of info, yes, in my opinion, the sentence was way too light.
Describing the hack as the “second largest data breach in the United States at the time, causing tens of millions of dollars in damage and emotional and reputational harm to numerous individuals and entities,” two of three judges from the 9th Circuit Court of Appeals said they believed that the sentence was “substantially unreasonable.”
Here’s the reasoning behind the sentence, according to this paragraph. It reads:
In deciding on the original sentence in 2022, U.S. District Judge Robert Lasnik considered that Thompson was transgender, autistic and had suffered past trauma. He raised the prospect of Bureau of Prisons decisions under a future presidential administration making life more difficult for transgender inmates. He also noted that the hack wasn’t done in a “malicious manner” and that Thompson was “tormented” about her activities.
I know someone who is disabled who has actually been through the prison system. Yes, it was a different crime, it was not stealing info from some database but a different crime altogether.
Here is the reminder of what she was charged with. BTW, you can search for Page Thompson right here on the blog and get coverage from past articles.
Thompson was charged with stealing data on 106 million Capital One customers after taking advantage of a misconfigured firewall in the bank’s cloud computing system. Over the course of the investigation, the government found terabytes of additional data Thompson took from more than 30 organizations.
So charge her with the rest of the shit she fucking stole from all of the companies we know nothing about from this ordeal and be done with it.
Any side can appeal it seems, both prosecuters and defense it seems. I thought only the defense could do that, but you learn something new every day.
Prosecutors swiftly appealed the sentence, with then-U.S. Attorney Nick Brown saying “this is not what justice looks like.” They argued that the judge gave too much weight to Thompson’s history and personal characteristics.
What history? Being Trans has nothing to do with the crime, in my opinion. I know that there are different opinions on the matter, but committing a crime is committing a crime.
“We agree that the district court overemphasized Thompson’s personal story,” Judge Danielle Forrest wrote, with Judge Johnnie Rawlinson concurring. “Thompson’s personal background and characteristics are, of course, proper considerations at sentencing, but they may not be the sole basis for the chosen sentence.”
The ruling also disputed the district judge saying the hack wasn’t malicious, or that Thompson was tortured over her behavior. Thompson, a former Amazon Web Services software engineer, blamed victims’ incompetence for the theft and encouraged others to hack them, and she also bragged about what she did, the ruling states.
So that should be guilty, guilty, and more guilty. This has nothing to do with being Trans, straight, gay or anything else in my opinion. And this wasn’t malicious? Really? Then, what was it?
Therefore, with a maximum sentence of 210 months, the sentence was too lenient, it reads.
No shit! Most people get at least 5 years, and even with time served, the minimum seems to be 5 years. Those 5 years are jail time not probationary time. And, how much time did she actually serve?
President Donald Trump appointed Forrest. President Bill Clinton appointed Rawlinson. The third appeals court judge, Jennifer Sung, appointed by President Joe Biden, took issue with the duo’s decision.
The full quote on Lasnick’s “malicious manner” comment sheds more favorable light on the judge’s viewpoint, Sung observed. Lasnik said did not act “in the malicious manner that you want to punish, to the same degree as somebody who gets that information and immediately turns to monetizing it in some way,” Sung noted. Thompson also showed signs of being tormented over her activities, openly seeking jail or death.
While she never monetised from this, the fact it was pilfered should be proof enough. 210 months is 17.5 years, that should be jail time, not probationary time. She wanted jail, so let’s see what happens during resentencing.
The Center for Cybersecurity Policy and Law, in a friend of the court brief in support of the government appeal, said it wouldn’t give its opinion on how long Thompson’s sentence should be. But it asked the court to clarify one element in its ruling.
“It is critical for legal frameworks to maintain the distinction between good-faith security research and harmful criminal activities,” it wrote in its brief. “The Center is interested in this proceeding because a perception that the sentencing at issue was based on the Defense’s arguments in the District Court that the charged conduct was good-faith security research risks eroding the distinction between good-faith security research and harmful criminal activity.
I disagree. This was malicious, because of the fact that it was being bragged about and the fact that the article clearly states that she told others to hack the company because of their neglegance proves she knew what she was doing, even though it was not making money.
The appeals court ruling made no mention of good-faith security research.
Mo Hamoudi, an attorney for Thompson, did not immediately respond to requests for comment.
The case is being sent back to the district court level for resentencing.
Capital One hacker Paige Thompson got too light a sentence, appeals court rules is the full article if you want to read this.
This is beyond crap in my opinion. This is like someone who might rape someone and get only 5 years in jail when this type of crime is different and has different sentencing guidelines.
Other crimes too have different guidelines on sentencing, so maybe the court should relearn this. Cybercrime has always fallen behind everything else and maybe this is the problem … don’t you think?
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.