Joseph Garrison, a 19-year-old from Wisconsin, has pleaded guilty in a New York federal court for his involvement in a hacking scheme targeting DraftKings, a fantasy sports betting website, resulting in the theft of around $600,000 from customers.
Garrison, who had boasted about the “fun” of fraud in messages to co-conspirators, initiated a “credential stuffing attack” on November 18 last year, successfully accessing approximately 60,000 accounts.
Furthermore, the hackers, including Garrison, added new payment methods to these accounts, depositing $5 to verify authenticity before draining the accounts of existing funds, affecting about 1,600 DraftKings accounts. Garrison is scheduled for sentencing on January 16 and faces a maximum sentence of five years in prison for conspiring to commit computer intrusion.
Additionally, the Manhattan U.S. Attorney’s Office revealed that during a raid on Garrison’s home in Madison in February, they found programs typically used for credential stuffing attacks and files containing nearly 40 million username and password pairs on his computer.
Finally, despite being free on a $100,000 bond since his arrest in May, Garrison’s sentencing is impending, and if proven guilty, he could face up to five years in prison. The case highlights the ongoing challenges of cybersecurity, especially in the context of financial platforms vulnerable to hacking and fraudulent activities.