Get 125% / $2,500 on 1st deposit!
New players only. Exclusive Welcome Bonus of up to $2,500
Joseph Garrison, a youngster from Wisconsin, pled guilty in a federal court in New York for a hacking plot that was directed at the DraftKings fantasy sports betting website. The plan was to take advantage of the platform’s users for around $600,000.
Unexpectedly, Garrison, who is currently 19 years old, entered a guilty plea to conspiracy. He had boasted about the illegal acts before to his capture, telling his fellow accomplices that “fraud is fun.” The criminal complaint exposed his preoccupation with evading security and making money.
On November 18, 2017, Garrison launched a “credential stuffing attack” against DraftKings. In this kind of cyberattack, hackers obtain illegal access to user accounts by using stolen user credentials from prior data breaches. According to the Manhattan U.S. Attorney’s Office, Garrison and other scheme participants were able to access over 60,000 accounts on the betting website.
The hackers were able to add additional payment methods to the accounts they had targeted during the hacking instances. They made a tiny deposit to confirm the legitimacy of the new approach, and then methodically emptied all of the monies in the accounts. The assault caused around 1,600 DraftKings accounts to be emptied.
When federal agents raided Garrison’s Madison home in February, they found applications frequently used for credential stuffing assaults. His computer also had files with about 40 million username and password combinations on it, which suggests a massive cyber operation.
On January 16, Garrison, who has been free on a $100,000 bail since his arrest in May, will be sentenced in Manhattan federal court. The maximum penalty for the crime of planning to commit computer intrusion is five years in jail.
The difficulties platforms continue to have protecting user data from sophisticated cyberattacks are shown by this example. The guilty plea emphasizes how important it is to keep working to improve cybersecurity safeguards in light of how quickly internet platforms are changing.