A Minnesota man has successfully evaded jail time after being caught mining Ethereum using the cloud servers of his former employer, Digital River. Over the course of nearly a year, Joshua Paul Armbrust exploited his retained access to the company’s Amazon Web Services (AWS) accounts, running mining software nightly and amassing a total of $5,895 in Ethereum. However, the scheme incurred over $45,000 in cloud service fees, a stark reminder of the hidden costs associated with cryptojacking.
Armbrust, who cited financial hardship and personal responsibilities in court, was sentenced to three years of probation and ordered to repay the full damages rather than face incarceration. His operation went undetected for an extensive period, running from 6 PM to 7 AM each day until abnormal activities raised red flags for Digital River.
Once the company identified the unauthorized mining activity, they reported the incident to authorities, leading to an investigation that ultimately linked the mining back to Armbrust. When confronted, he admitted to his actions, indicating a lack of intent to conceal his illicit activities.
Despite the significant operational costs incurred by Digital River, Armbrust’s profits from the cryptojacking scheme were relatively minor. The court documents revealed that he utilized the proceeds primarily to support his ailing mother, which may have influenced the leniency of the court’s decision.
Assistant U.S. Attorney Bradley Endicott remarked, “The defendant’s conduct strikes at the core of digital trust and security. Companies rely on former employees to act ethically.” This statement underscores the essential need for organizations to enforce strict access controls and promptly revoke credentials when employees depart.
The increasing prevalence of cryptojacking, where individuals secretly use others’ computing resources to mine cryptocurrencies, is a growing concern, especially amid economic uncertainty. Cybersecurity experts warn that such attacks often go unnoticed, particularly when they are conducted at low levels. The automated nature of cloud services can mask unauthorized usage for extended periods, as was the case here.
This incident serves as a crucial reminder for businesses about the importance of robust offboarding processes to mitigate risks associated with former employees retaining access to sensitive systems. As financial pressures mount, there is a rising trend of individuals resorting to small-scale cyber crimes, prompting experts to urge organizations to regularly monitor cloud system activities.
While Armbrust’s breach of trust did warrant accountability, the court’s decision to impose probation instead of jail time reflects the complex factors involved, including his cooperation with authorities and the relatively small financial gain from his actions. As he begins his probation, he must also repay the total losses incurred by Digital River, which may serve as a cautionary tale for others considering similar actions.
This case adds to the increasing number of cryptojacking incidents tied to former employees and raises critical questions about corporate access management and security protocols. Digital River has yet to publicly comment on the outcome, but it is likely that the company has since reviewed and strengthened its internal access controls in response to this breach.
