A teenager from Wisconsin named Joseph Garrison has recently admitted his guilt in a federal court in New York. His plea is connected to a large-scale plan to breach user accounts on DraftKings, the Daily Fantasy Sports betting platform.
The outcome of this illicit activity was the misappropriation of about $600,000 from unsuspecting users. This narrative, however, deviates from the ordinary cybercrime storyline.
It unfolds as a gripping adventure fueled by Garrison’s bold proclamation, “fraud is enjoyable,” establishing an atmosphere for an unpredictable journey into virtual sports heists.
On Nov. 18 last year, Garrison and his team launched a “credential stuffing attack” on the DraftKings website. This notorious hacking technique involves using stolen user credentials from previous data breaches to gain unauthorized access to user accounts.
In a spree that saw around 60,000 accounts compromised, Garrison’s team wasn’t just satisfied with mere infiltration, they went on to add new payment methods to these accounts.
In a strategic move, the hackers deposited a cheeky $5 through the new method to verify its authenticity. Once confirmed, they swiftly drained the accounts of every existing penny, leaving approximately 1,600 DraftKings accounts in financial ruin.
The Fateful Raid and Incriminating Discoveries
The audacity of Garrison’s actions was matched only by his boasting messages to co-conspirators.
“I’m addicted to seeing money in my account,” confessed the now 19-year-old cyber maestro. “I’m like obsessed with bypassing s—.”
Federal authorities, catching wind of Garrison’s exploits, raided his Madison home in February.
What they uncovered was a hacker’s treasure trove—programs for credential stuffing attacks and files housing nearly 40 million username and password pairs on Garrison’s computer.
The cat was out of the bag, and the authorities caught the teenage prodigy in the act.
Despite being free on a $100,000 bond since his arrest in May, Garrison faces a looming date with destiny. Scheduled for sentencing in Manhattan federal court on Jan. 16, 2024, he could be looking at a maximum prison sentence of five years for his role in conspiring to commit computer intrusion.
DraftKings Teen Hacker Who Boasted ‘Fraud is Fun’ Pleads Guilty in Fantasy Sports Betting Theft https://t.co/HxfkW3iW7j
— Breaking911 (@Breaking911) November 16, 2023
DraftKings, swift in its response, notified customers of account issues and suffered a 9% drop in shares as a consequence. The breach also affected the company’s plans to launch sports betting operations in Maryland, Ohio, and Massachusetts. However, this incident mirrors a wider issue in the industry, with BetMGM and FanDuel also grappling with the aftermath of data breaches.
As the legal saga unfolds, one thing is for sure – the realm of fantasy sports has witnessed a heist of epic proportions, leaving users and industry giants on edge, and a once “fun” act of fraud has become a lesson in cybersecurity gone wrong.
If you want to learn more about other cyber hacker attacks in the gambling industry, check out the timeline of attacks at Caesars, BetMGM and Stake here.
Joseph Garrison is a teenager from Wisconsin who recently admitted guilt in a New York federal court. His case is related to a large-scale plan to breach user accounts on the DraftKings fantasy sports betting website, resulting in the theft of approximately $600,000 from unsuspecting users.
Garrison and his team launched a “credential stuffing attack” on the DraftKings website. This notorious hacking technique involves using stolen user credentials from previous data breaches to gain unauthorized access to user accounts.
Approximately 60,000 DraftKings accounts were compromised in the hacking spree. The hackers not only infiltrated but also added new payment methods to these accounts, resulting in the misappropriation of funds and leaving about 1,600 accounts in financial ruin.
Garrison, despite being free on a $100,000 bond since his arrest in May, faces a potential maximum prison sentence of five years. His sentencing is scheduled in Manhattan federal court on Jan. 16, 2024.
DraftKings responded swiftly by notifying customers of account issues. However, the company suffered a 9% drop in shares as a consequence. The security breach temporarily derailed DraftKings’ plans to launch sports betting operations in Maryland, Ohio, and Massachusetts. This incident highlights a broader industry issue, with other companies like BetMGM and FanDuel also grappling with data breaches.
Related newsShow all news
Borgata Online Awards $3M Jackpot In Bison Fury
Bison Fury’s $2 bet turned into a fortune in Borgata’s $3M jackpot win. Learn more about this lucky slot and online winner from BetMGM here!
Everything We Know About Kindred Leaving The US
Unibet’s parent company, Kindred, exits the US. Explore the reasons behind their market exit and its effects on online gambling.