Info@NationalCyberSecurity
Info@NationalCyberSecurity

DraftKings hacker pleads guilty in fantasy sports betting case | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker


  • A Wisconsin teenager admitted in New York federal court to orchestrating the 2022 hack on the DraftKings fantasy sports betting site that drained money from about 1,600 customer accounts.
  • Madison resident Joseph Garrison faces up to five years in prison after pleading guilty to conspiracy to commit computer intrusion.
  • “fraud is fun . . . im addicted to see money in my account,” Garrison wrote in an electronic message to a conspirator.

Sports betting company DraftKings’ logo is displayed on a smartphone screen.

Budrul Chukrut | Lightrocket | Getty Images

A Wisconsin teenager pleaded guilty Wednesday in New York federal court to conspiracy in connection with a scheme to hack user accounts at the DraftKings fantasy sports betting website and with others steal about $600,000 from its customers.

The defendant, Joseph Garrison, had boasted “fraud is fun” in a message that he had sent to his co-conspirators before he was nabbed by authorities, according to a criminal complaint in U.S. District Court in Manhattan.

“im addicted to see money in my account,” wrote the now 19-year-old Garrison. ”im like obsessed with bypassing s—.”

The Manhattan U.S. Attorney’s Office said Garrison on Nov. 18 last year launched a so-called “credential stuffing attack” on the website. Hackers in such attacks use stolen user credentials obtained from past data breaches to gain authorized access to user accounts.

“Garrison and others successfully accessed approximately 60,000 accounts at the Betting Website,” the office said.

In some instances, the hackers were able to add a new payment method to the accounts, and after depositing $5 through the new method to verify it was authentic, were able to drain the accounts of “all the existing funds in the Victim Account,” prosecutors said.

About 1,600 DraftKings accounts were drained in the hack.

When federal authorities raided Garrison’s home in Madison in February, “they located programs typically used for credential stuffing attacks,” as well as “files containing nearly 40 million username and password pairs on” his computer, prosecutors said.

Garrison, who has been free on $100,000 bond since his arrest in May, is scheduled to be sentenced in Manhattan federal court on Jan. 16.

He faces a maximum possible sentence of five years in prison on the charge of conspiring to commit computer intrusion.

——————————————————–


Click Here For The Original Story From This Source.

National Cyber Security

FREE
VIEW