author photo
By Clare O’Gara
Tue | Oct 22, 2019 | 6:49 AM PDT

Wire fraud, access device fraud, and aggravated identity theft.

Safe to say, Matthew Ho is a real triple threat.

The Singaporean citizen was recently indicted by the U.S. District Court in Seattle for those three crimes.

What is he accused of doing? He allegedly went cryptomining with stolen information and stolen AWS cloud computing power.

Stealing major amounts of cloud computing power

The ability to easily scale your processing power is widely considered a benefit of cloud computing.

But in this case, the suspect used that to rack up millions in unpaid bills for a company that had a legitimate AWS account.

It started with a stolen identity, and the indictment explains what happened next:

"By associating with Victim-1's company, Company-1, a legitimate and sizable AWS customer, and through social engineered communications and additional deceptive tactics, Ho gained access to a premium suite of cloud computing services and, for a brief period, was one of AWS's largest consumers of data usage by volume."

The Washington District Court indictment called it a "sophisticated fraud scheme" propelled "predominantly, if not exclusively, through fraud and identity theft."

How this cloud computing power theft played out

Ho's plan was a three-parter, just like his list of alleged crimes. Here is what he is accused of doing:

1. Stealing identities and credit card information. The indictment found at least three stolen identities that Ho used.

2. Using the stolen information to create fraudulent accounts through online service providers, including Amazon Web Services (AWS), and using them to mine for various cryptocurrencies.

3. Exchanging the cryptocurrency for traditional funds.

How much was the stolen cloud computing power worth?

The indictment didn't disclose how much money Ho made by crypto-mining using his stolen AWS bandwidth. But it did share how much Ho "spent" on the venture, i.e. how much he charged the victims, whose identities he stole.

"Ho consumed more than $5 million in unpaid cloud computing services. Portions of past due balances were charged to victim credit cards, some of which the account holder paid before the fraud and compromise of the credit card account were discovered."

This raises a question: who pays your cloud computing bill and are they watching for unusual jumps in cloud usage or sudden spikes in invoices? 

In case you're interested, wire fraud, device fraud, and identity theft are punishable by 20, 10, and two years in prison, respectively.

Check out the full indictment here.