How a single developer dropped AWS costs by 90%, then disappeared.

Maxime Topolov on 2022-12-29

NB: source (https://twitter.com/xanf_ua/status/1608121311078776832)

It’s Christmas and I just finished my last audit of a SaaS client. His story is worth telling. It’s a story about greed, lies, and the beauty of hacking.

It’s a story about how this client cut his monthly AWS bill by 90.000 USD with the help of a mysterious developer, who disappeared once his job was done.


When, 6 months later, AWS costs skyrocketed again to around 120K$ a month, this client called me to help him understand what had really happened.

And it was absolutely mindblowing!

By the way, if you need help with complex IT problems, ping me.


The Set

For NDA reasons, I can’t tell the client’s name or industry.

But it’s a SaaS company providing a product in a very niche, industrial market. Their product can be described as an AI model that uses data from different third-party applications and produces valuable predictions.

There are two important points that will play a big role in this story.

Data is spread across different third-party applications without APIs (industrial machines), so my client created a Chrome extension that collects it (like an RPA) and sends it back to their AWS instances for ingestion.

The AI model is quite expensive to execute, resulting in high computing costs averaging around 100K$ a month.


The Villain

Almost a year ago a freelance developer contacted the IT director of my client, saying he could help them cut their cloud bill by 90%. His offer was rejected.


But when a new IT director took over the job a few months later, he needed to show the board some successes. Meanwhile, the developer insisted and even made an offer that was impossible to refuse: he would take a single 50K$ paycheck if he succeeded, 0 if not.

It was a cheap bet for the new IT director looking to shine in front of the board. He gave the developer a go.

The trick

Here starts my investigation. The first thing I saw was that no commits had been made anywhere except in the Chrome extension. It was a pretty simple one: scraping the interfaces of different applications, extracting data, sending it to the cloud, and launching the processing.

The new version, after the developer worked on it, had doubled its code base. There were hundreds of new files. One in particular drew my attention: a large file, “accounts.yaml”, containing around 1 million Google accounts.

What the hell was it doing there? All the accounts seemed fake, probably acquired on the darknet for a hundred bucks.


This file allowed me to unwind the ball of wool.

The developer’s code no longer uploaded data to the client’s cloud. Instead, it created a trial GCP account using one of the 1 million Google accounts, uploaded the model and the data there, executed the job, and shut the account down once it was finished.

This was only possible using… the Chrome extension, which kept Google’s security checks from kicking in and rejecting the account creation.

The client relied mostly on external partners to build his software, so there were no gatekeepers to check the developer’s work. He reported directly to the IT director, so nobody questioned his work or even reviewed his code.

Costs were dropping by 90% as promised. He was paid 50K$. Then he disappeared. Completely.

The happy IT director wanted to give more assignments to this genius. But he had vanished. He didn’t answer emails, the phone number went straight to voicemail, and his LinkedIn account was closed. Gone.


The Fall

A few months later, costs started to rise again. Each time a GCP free-tier account did not work, the data was sent back to the old AWS system. It seems the code was running out of valid Google accounts and/or Google had become better at catching automated account creation.

I thought it would be a nice new year’s eve story for you.

Merry Christmas! Happy New year!

PS/ We help companies navigate the latest innovation and deliver apps x10 faster. Check us out.