A Singaporean man allegedly stole the identity of a prominent California video game developer, and ran a massive cryptocurrency-mining operation using stolen computing power and cloud services from providers such as Google and Amazon.
Ho Jun Jia, a.k.a Matthew Ho, 29, was taken into custody by the Singapore Police Force (SPF) on Sep. 26, 2019, and faces 14 charges under a Washington district court.
Stole identity, illegally mined cryptocurrency
Using the identity and credit card information of a prominent California video game developer, Ho managed to open cloud computing services from multiple U.S. cloud service providers.
According to public court documents via the United States Department of Justice, the affected companies included Amazon Web Services (AWS) and Google Cloud Services.
Ho then used the computing power to run large-scale cryptocurrency-mining operations, obtaining cryptocurrency such as Bitcoin, Ethereum, among many others.
He reportedly ran his illegal operations between Oct. 2017 to Feb. 2018.
Used S$6.9m of cloud computing services
In the span of a few months, Ho had reportedly consumed US$5 million (S$6.9million) of unpaid cloud computing services.
For a brief period, he was even one of Amazon's largest data consumers by volume.
Some of the bills racked up by Ho were paid by the Californian web developer's financial staff before the fraud was detected.
He also allegedly used the identities of a Texas resident and the founder of a tech company in India to obtain similar services from Google Cloud Services in his scheme.
Investigated by FBI
Ho's case is currently being investigated by the Federal Bureau of Investigation (FBI) Seattle Office, Cyber Crime Unit.
The SPF Technology Crime Investigation Branch, Attorney General’s Chambers of Singapore, the U.S. Department of Justice’s Criminal Division’s Office of International Affairs, and the FBI Legal Attaché Office, are assisting the FBI in their investigations.
If convicted by the U.S. Federal court, Ho could face up to 20 years in prison for wire fraud charges, up to 10 years for access device fraud, and a mandatory two years for aggravated identity theft.
Top image via André François McKenzie on Unsplash