Riot games founder's identity stolen to buy Amazon cloud resources for bitcoin mining

[spartaman64]

Quote

Marc Merrill, the cofounder of Riot Games, was the victim of a massive fraud that started in November 2014, when his American Express credit card information was used to buy up cloud computing power from Amazon, Google and others, according to a just-unsealed court filing discovered by Forbes.

Quote

The man accused of stealing Merrill's identity, Singaporian national Matthew Ho, was said by investigators to have used Amazon and Google servers to mine various cryptocurrencies, including Bitcoin and Ether. Before it was eventually noticed in January 2018, Ho had racked up bills totalling $5 million with Jeff Bezos’ tech giant, according to the government’s allegations. At least one payment of that bill, for $135,000, was made on Merrill’s Amex card in December 2017. (Court documents didn’t clarify whether the full $5 million bill had been paid, though the DOJ did say “some” were). The same card had been used to pay for Riot Games’ actual Amazon Web Services cloud computing products.

Quote

He’d created a fake Californian driving license that carried Merrill’s name and used an email address that appeared to be a legitimate Gmail for the Riot Games co-chairman, according to the court filing. For further “proof” of identity, he presented Amazon with one of Merrill’s real home addresses, the feds said.

Because Merrill was an established Amazon customer, Ho was given “access to substantially elevated levels of cloud computer services,” investigators wrote, though they didn’t disclose exactly what those priveleges were.

Quote

Once he’d mined cryptocurrency, Ho sold it on localbitcoins.net. But eventually, thanks to data like IP addresses and login information provided by Amazon, Google, Facebook and others, police were able to pin down Ho as the chief suspect. He was arrested by Singapore Police Force on September 26 and is being investigated for various alleged offenses committed under Singapore law.

Source: https://www.forbes.com/sites/thomasbrewster/2019/11/07/riot-games-millionaire-founder-defrauded-in-5-million-amazon-cloud-cryptocurrency-mining-scam-doj-says/#5bff66f16b58

 

Is that really how riot purchases league server space? Mark Merrill just contacts Amazon and pays with his credit card? I expected that riot as a company purchases them. And nobody at Amazon found it strange that Mark is mining bitcoin rather than running league servers on them?

[vanished]

3 minutes ago, spartaman64 said:

Is that really how riot purchases league server space? Mark Merrill just contacts Amazon and pays with his credit card? I expected that riot as a company purchases them.

Yeah that is a bit strange, but probably answers the next question.  If they were used to this, then it probably didn't seem that strange by comparison.

Quote

And nobody at Amazon found it strange that Mark is mining bitcoin rather than running league servers on them?

That and I doubt anyone is personally reviewing what's being run.  If they did they'd probably be in the news for privacy violations.

[Sauron]

1 minute ago, spartaman64 said:

Is that really how riot purchases league server space? Mark Merrill just contacts Amazon and pays with his credit card? I expected that riot as a company purchases them. And nobody at Amazon found it strange that Mark is mining bitcoin rather than running league servers on them?

Well... it's not really any of their business. Renting servers is kind of what they do, there's nothing weird about a customer using their service. Why would they check for Merrill specifically among their hundreds of thousands of customers?

[TVwazhere]

5 minutes ago, spartaman64 said:

Is that really how riot purchases league server space? Mark Merrill just contacts Amazon and pays with his credit card? I expected that riot as a company purchases them. And nobody at Amazon found it strange that Mark is mining bitcoin rather than running league servers on them?

No, to me this looks like someone stealing the identity of someone important, and presenting the proposed exchange as "personal use" and getting special access because of it. *edit* Businesses usually have business credit cards and "underlings" like CFO's who usually handle the transactions, usually not the CEO, founders or president.  

[JB25304]

Well, it says in your second quote that his Amex card was used to pay for Riot Games' actual Amazon Web Services cloud computing products, so "him" wanting more computing power may not have raised any questions since he was an established customer and used an account that was already paying for corporate services.

 

As to your second point, I doubt that they actually look at what was being ran.  If they did that for every account, they would have to employ an army of people and then you could step into various privacy issues too.

[piemadd]

6 minutes ago, JB25304 said:

As to your second point, I doubt that they actually look at what was being ran.  If they did that for every account, they would have to employ an army of people and then you could step into various privacy issues too.

They actually do, when I was using a free account to do F@H, I got a notification that I may have been mining crypto, so I had to let them know I wasn't just making free money, so they do have systems in place to see that.

[JB25304]

2 minutes ago, pierom_qwerty said:

They actually do, when I was using a free account to do F@H, I got a notification that I may have been mining crypto, so I had to let them know I wasn't just making free money, so they do have systems in place to see that.

If they monitored every account in very granular detail, then there would have been a lot of us in the F@H group that would have had to answer that.  You aren't a corporate customer who already buys a chunk of their services, so you using heavy resources might raise questions; however, if you were a corporate entity or individual who already contracts with them to provide the service for a known corporation, then what reason would they have to look any closer.  

 

It would be like, "Oh, the Riot Games guy is using more resources.  Well they already use a lot.  Nothing more to see here unless something looks suspicious."  Whereas, "There is this dude in ATL that just signed up and is using an unusual amount of resources.  Maybe we need to look into that"  If they actually looked into what you were running, they would have known that you were not mining crypto and just doing F@H.  They wouldn't have needed to contact you to find that out.  They just saw a pattern that seemed unusual and decided to poke around more.  Why would they send you a message that says, "Hey, we think that you may be mining crypto.  Tell us what you are doing," if they already knew from the outset what the answer was?

[spartaman64]

40 minutes ago, Sauron said:

 

 

39 minutes ago, TVwazhere said:

.  

 

39 minutes ago, JB25304 said:

 

Yep what I meant was that I thought some server technician at riot or something makes the purchase. I have no idea how Amazon cloud works but I thought riot would have some very specific way they want the servers to be configured and connected but maybe not. And riot probably wants amazon to tell them when servers go down or misbehave so Amazon must do some kind of monitoring on the servers.

[JB25304]

1 minute ago, spartaman64 said:

 

 

Yep what I meant was that I thought some server technician at riot or something makes the purchase. I have no idea how Amazon cloud works but I thought riot would have some very specific way they want the servers to be configured and connected but maybe not. And riot probably wants them to tell them when servers go down or misbehave so Amazon must do some kind of monitoring on the servers.

I will say that I do agree with you there.  You would think that if they knew that the service was for a major corporate account that there would be more layers of authentication other than, "Hey, we know this dude, so let's give him what he wants," especially since it was to the tune of $5 million over 5 years.  However, if Marc Merrill was using his own private card, one would say the fault lies squarely on him for not reviewing his statements and for mixing business on his personal account (something that gives an account a migraine.)  If it was a corporate card though, you could say that it is just as much Riot's own fault for not noticing that their bill for Amazon went abnormally high for not just one but for five years straight.

[TrigrH]

Quote

 The same card had been used to pay for Riot Games’ actual Amazon Web Services cloud computing products.

Ahahaha thats amazing, no wonder it didnt get noticed for so long.

[Sauron]

10 hours ago, spartaman64 said:

Yep what I meant was that I thought some server technician at riot or something makes the purchase. I have no idea how Amazon cloud works but I thought riot would have some very specific way they want the servers to be configured and connected but maybe not. And riot probably wants amazon to tell them when servers go down or misbehave so Amazon must do some kind of monitoring on the servers.

Sure but I don't think that's related, I think this dude just used Merrill's credit card to buy server space without pretending to be acting for Riot.

[Kisai]

11 hours ago, spartaman64 said:

Source: https://www.forbes.com/sites/thomasbrewster/2019/11/07/riot-games-millionaire-founder-defrauded-in-5-million-amazon-cloud-cryptocurrency-mining-scam-doj-says/#5bff66f16b58

 

Is that really how riot purchases league server space? Mark Merrill just contacts Amazon and pays with his credit card? I expected that riot as a company purchases them. And nobody at Amazon found it strange that Mark is mining bitcoin rather than running league servers on them?

That's curious, but it's not unsurprising for game servers to be run on cloud services.

 

Though it's FAR more likely that the game servers aren't on AWS, the website, patch/download servers, forums, and so forth are, which consume far more bandwidth in spikey intervals rather than the games themselves.