A man from Singapore is facing charges relating to the alleged theft of a video game developer’s identity in order to obtain access to cloud computing systems in order to illicitly mine cryptocurrency.
This week, the US Department of Justice (DoJ) said that Ho Jun Jia, also known as Matthew Ho, has been charged for using stolen computing resources and services.
A 14-count indictment (.PDF), now unsealed, alleges that Ho stole the identity and financial details of a prominent game developer located in California in order to open up multiple service accounts with cloud computing providers.
Prosecutors say the developer’s information was stolen and used without permission, including his name, driver’s license details, and credit card data.
See also: PayPal backs out: what does this mean for the future of Facebook’s Libra cryptocurrency?
Between October 2017 and February 2018, the 29-year-old allegedly ran a “large-scale” cryptocurrency mining operation that was predominately based on the theft of IDs used to fraudulently open up accounts and obtain access to third-party computing resources.
Various cryptocurrencies were mined including Bitcoin (BTC) and Ethereum (ETH).
Ho reportedly excelled at social engineering and was able to use his skills to entice cloud computing vendors to grant him heightened account privileges, defer billing, and to ramp up the computing resources on offer.
The scam was able to continue as billing was delayed. In only a few months, US prosecutors say the scheme consumed over $5 million in cloud computing power.
CNET: Your VPN won’t save you from these 3 things
The legitimate game developer’s staff paid bills charged to their credit cards — some reaching hundreds of thousands of dollars — before the scheme was uncovered, but the main bulk of the charges remain unpaid.
“For a brief period, [Ho] was one of Amazon Web Services’ (AWS) largest consumers of data usage by volume,” prosecutors claim.
The DoJ also alleges that Ho created a fictitious game developer, “Daniel Piers,” who apparently was tied to a company recently acquired by the main developer that Ho was pretending to be.
As cryptocurrency was mined, the virtual coins Ho obtained were then transferred to wallets and exchanged for fiat currency on numerous exchanges.
TechRepublic: 70% of businesses report Pass the Hash attacks directly impact operational costs
The unnamed game developer is not the only alleged victim. It is also claimed that Ho fraudulently used the identities of a Texas resident and Indian technology company founder to open accounts with AWS and Google Cloud.
Ho was taken into custody by the Singapore Police Force in September and is also being investigated locally. Under US law, he could face up to 20 years for wire fraud, 10 years for access device fraud, and two years for aggravated identity theft.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0