Nowhere in the criminal complaint[1] does it say this happened. Instead it says that Paige wrote a script that scanned web application firewalls (WAFs) for a specific vulnerability. Anyone could have done this. The problem was only possible because after abusing the vulnerability Paige discovered that the IAM Role used by the WAF was granted permissions it shouldn't have.
Nowhere in the criminal complaint[1] does it say this happened. Instead it says that Paige wrote a script that scanned web application firewalls (WAFs) for a specific vulnerability. Anyone could have done this. The problem was only possible because after abusing the vulnerability Paige discovered that the IAM Role used by the WAF was granted permissions it shouldn't have.
1. https://www.justice.gov/usao-wdwa/press-release/file/1188626...