Skip to Content

How Evaldas Rimasauskas Stole $122 Million from Facebook and Google

Faceless technology corporations like Google, Amazon, and Apple are worth billions of dollars and seem like magical, circuit-driven monoliths, seemingly inaccessible to the common man. 

Surveillance footage screenshots show Elisa Lam behaving erratically. Image via Business Insider.

Most people struggle just to get ahold of technical support when their products malfunction, resulting in intense frustration. But to Evaldas Rimasauskas, the communication failure inherent to huge corporate structures presented an opportunity. 

Over two years in the mid-2010s, Rimasauskas operated a scam that conned Google and Facebook out of over $100 million dollars. 

Although most of the money was recovered, Rimasauskas demonstrated a gaping hole in the security and efficiency of corporate bureaucracy.

Evaldas Rimasauskas is a Lithuanian man who, in 2013, set out to commit fraud against two of the largest tech companies in the world: Facebook and Google. 

Rimasauskas chose these targets because both Facebook and Google do business with a Taiwanese company called Quanta Computer.

Quanta is a computer company that sells servers and other hardware to tech companies around the globe and is a leader in pushing the boundaries of server technology to share across the industry.

Facebook and Google both rely on thousands of servers to host their sites, which are used by millions of users daily. To keep up with increasing demand, both tech giants purchase new hardware from Quanta often and are very familiar with their business. 

Because the companies are constantly involved with each other, receiving invoices for new hardware is common. This was especially true in the mid-2010s as the internet was becoming not just a tool, but a digital landscape.

Companies like Google and Facebook had to adapt to increasing usage and introduce new features that attracted new customers consistently. This natural growth, as well as the growth of cloud computing and storage, required an exponential amount of new hardware that Quanta was able to provide.

How Did Evaldas Rimasauskas Steal From Big Tech?

The regular business transactions between the companies made typical business transactions little more than a rubber stamp, something almost no one paid close attention to. This is what made it so simple for Rimasauskas to imitate Quanta for his own gain. 

Rimasauskas and an unknown team of accomplices set up a company in Latvia that they also named Quanta, which was the first step to their fraudulent scheme. 

The crew was banking on the fact that workers at Google and Facebook would glance at the paperwork, see the name Quanta, and simply move on with their day.

The group then set out to turn this empty company into a convincing copy of the real Quanta. The men copied contracts from Quanta and edited them to fill in bank information for the fake company.

They also drafted countless letters from fake executives requesting payment and invoices for products that never existed. 

The forgeries were good enough that the fraudulent company was able to convince Google and Facebook of their legitimacy. Neither company has ever confirmed exactly what materials Rimasauskas and his team requested.

For over two years, the team of frauds collected payments from Facebook and Google for assorted fake products and services that were never ordered or delivered, but that nobody at these companies double-checked to determine if they were legitimate. 

Evaldas Rimasauskas being arrested. Photo by Mindaugas Kulbis/Associated Press.

When the companies sent the money, it was transported through a network of banks across the globe, including banks in Hungary, Slovakia, Hong Kong, and Lithuania.

By sending the money through so many institutions, Rimasauskas was able to launder it, making it incredibly difficult to track down the fraudulent payments.

Calculating The Losses

By 2015, Rimasauskas had stolen $23 million from Google and $98 million from Facebook. However, to the tech giants, this was a miniscule amount.

Google reported an astounding $181 billion in revenue in 2015, while Facebook made $18 billion. That means that the total amount that Rimasauskas conned out of the companies was 0.00013% of Google’s revenue and 0.0013% of Facebook’s revenue. 

At that scale of economics, losing this amount of money was less significant than a potential accounting error; new features and programs can cost these companies upwards of $100 million in stocks a day. 

When considering how minuscule the amount was to the overall budget of these companies, compounded with the fact that the amounts were made in payments that were dispersed across multiple fake invoices over two years, it becomes much more believable that Rimasauskas was able to avoid being caught for so long.

How Evaldas Rimasauskas Got Caught

It seems as if Rimasauskas could have continued stealing the money indefinitely, but eventually, someone at Google caught on to the fraud and informed the authorities.

After tracing the payments, they were able to locate Rimasauskas, who was apprehended by Latvian authorities in 2017 and extradited to New York to face justice for his fraud. 

He faced one count of wire fraud, a crime which carries a maximum sentence of 30 years. Ultimately he was forced to return $49.7 million and was sentenced to 5 years in prison.

Approximately over $50 million remains unaccounted for however; knowing Rimasauskas’s talent for laundering money, authorities assume it is likely hidden in a series of banks similar to those that he used to launder the money in the first place.

In the trial documents, the companies that he defrauded were not explicitly named, but both Facebook and Google spoke with the press and confirmed that they were the victims. Both companies were satisfied with the results of the trial. 

Evaldas Rimasauskas appearing in court. Image via LinkedIn.

Google specifically stated, “We detected this fraud and promptly alerted the authorities. We recouped the funds and we’re pleased this matter is resolved.”

Although only a third of the total money was returned to the companies, they accepted their losses, likely because they were mostly irrelevant to their company’s bottom line. 

Authorities were also pleased with the result, as it demonstrated that the reach of the American justice system extends far beyond the geographic borders of the nation and that criminal actors around the globe are not safe simply because they are hiding behind a computer screen in another country.

Today, it is still possible to maneuver around the clunky structure of bureaucracy that tech giants are built upon, although not to the tune of millions of dollars. 

There are plenty of internet tales of people inviting billionaires such as Bill Gates or Elon Musk to a wedding or graduation party and receiving a gift sent by a secretary who either did not know the invite was tongue in cheek, or, similar to Google and Facebook, the gift went unnoticed in the budget because it was so small. 

There is so much else to worry about, and so much money flowing through that small items can easily slip through the cracks unnoticed.  

However, malicious cases of fraud that target businesses are on the rise. Specifically, wire fraud conducted through email scams is increasing exponentially. In 2019, the FBI released data that showed companies had been defrauded of over $3 billion in recent years from similar cases. 

Rimasauskas’ case is a prime example of the increased importance of cybersecurity in the modern era.

As more and more of the world is operated through and managed on the internet and becomes disconnected from face-to-face interactions, it becomes easier to misrepresent yourself to a business. 

Or, more dangerously, to actively trick a business into giving up information that provides a malicious actor with a backdoor into their system. When considering the broad scheme of crime conducted over the internet, Google and Facebook may have actually gotten off easy by only losing a few million dollars.


Leave a comment

Your email address will not be published. Required fields are marked *