Sunday, October 13, 2019

Citizen of Singapore indicted in scheme to steal cloud computing power for cryptocurrency mining


Masqueraded as California video game developer to access cloud computing services

Seattle - A 14-count indictment was unsealed today charging a citizen of Singapore, HO JUN JIA, a/k/a Matthew Ho, 29, with federal crimes related to his scheme to mine cryptocurrencies using stolen computing power and services, obtained with the stolen identity and credit card account information of California and Texas residents, announced U.S. Attorney Brian T. Moran. HO was taken into custody by the Singapore Police Force on September 26, 2019, and is being investigated for various alleged offenses committed under Singapore law.

According to the indictment, between October 2017 and February 2018, following the surge in popularity, and value, of cryptocurrencies, HO ran a large-scale cryptocurrency mining operation, propelled predominantly, if not exclusively, through fraud and identity theft.  HO, allegedly used stolen identity and credit card information of a prominent California video-game developer to open cloud computing accounts at multiple U.S. cloud service providers, which he used to mine various cryptocurrencies, such as Bitcoin and Ethereum. HO created a web of phony email accounts and used social engineering techniques to trick cloud computing providers to approve heightened account privileges, increased computer processing power and storage, and deferred billing.

HO used the fraudulently obtained computing power to mine cryptocurrency – a resource-intensive process by which “miners” essentially compete to verify blockchain transactions and receive an amount of cryptocurrency in return.  HO then used the cryptocurrency or exchanged it for traditional funds on various marketplace websites.  In the few months his scheme remained active, HO consumed more than $5 million in unpaid cloud computing services with his mining operation and, for a brief period, was one of Amazon Web Services (AWS) largest consumers of data usage by volume.  Some of the bills were paid by the California game developer’s financial staff before the fraud was detected.  HO also used the identities of a Texas resident and the founder of a tech company in India and, in addition to AWS, opened cloud services accounts with Google Cloud Services, which he similarly used as part of his cryptocurrency mining operation.

Wire fraud is punishable by up to 20 years in prison.  Access device fraud is punishable by up to ten years in prison.  Aggravated identity theft is punishable by a mandatory two years in prison to run consecutive to any other sentence imposed in the case.

The charges contained in the indictment are only allegations.  A person is presumed innocent unless and until he or she is proven guilty beyond a reasonable doubt in a court of law.

The case is being investigated by the FBI Seattle Office, Cyber Crime Unit, with assistance from the Singapore Police Force - Technology Crime Investigation Branch, the Attorney General’s Chambers of Singapore, the U.S. Department of Justice’s Criminal Division’s Office of International Affairs, and the FBI Legal Attaché Office.

The case is being prosecuted by Assistant United States Attorney Steven Masada.

No comments:

Post a Comment