(844) 627-8267
(844) 627-8267

Teen DraftKings hacker sentenced to 18-month jail term | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

The federal judge looked down from the bench toward the young man sitting in front of him, the parents of the defendant listening nearby in the courtroom gallery.

“This is really a tragedy, this case,” Lewis Kaplan said to Joseph Garrison, the soft-spoken, baby-faced man seated not far away from the judge’s bench. “I don’t know how you didn’t realize what you were doing.”

Garrison, 19, launched a cyberattack against the sports betting platform DraftKings shortly after his 18th birthday.

“I understand about youth,” the judge continued. “I understand it’s not the same as somebody who’s achieved full maturation. But this was pretty remarkable, what you did. Huge amounts of money, really.”

Garrison’s path from a quiet neighborhood in the college town of Madison, Wis., to a Manhattan courtroom was still hard to believe. Everything about his childhood appeared normal and unremarkable — at least until the covid pandemic began in the spring of 2020. The teenager lived in a two-parent household. He was a Cub Scout who had never been in serious trouble. He ate lunch with a close group of friends at school, worked part time at Walgreens and loved to play the video game Fortnite.

But Garrison also harbored a secret: He was deeply enmeshed in the dark corners of the web, and his isolation in that world only deepened when his high school shut down during the pandemic. Shortly after he returned to in-person classes, Garrison was arrested and accused of paying swatters in bitcoin to phone in bomb threats to his high school. He faces nine felony charges in Wisconsin in that case.

Just a few months later, in November 2022, he engineered a hacking scheme that stole about $600,000 from 1,600 accounts on DraftKings. He was later arrested and pleaded guilty to a single count of conspiracy to commit computer intrusions; Kaplan this week sentenced Garrison to 18 months in jail, just two days after two other young men were arrested and charged in the case.

“I have to impose a sentence that does something toward deterring other people,” Kaplan said.

Jenkins: The NFL still won’t accept responsibility for its damaged players

Prosecutors also brought federal charges this week against Nathan Austad, a 19-year-old from Minnesota, and Kamerin Stokes, a 21-year-old from Tennessee, for allegedly conspiring with Garrison in the DraftKings attack.

Garrison helped carry out the scheme through a “credential stuffing attack,” a tactic in which hackers use stolen username and password combinations to access other accounts with the same credentials. Garrison and other co-conspirators gained access to more than 60,000 accounts and then allegedly sold access to accounts.

When law enforcement searched Garrison’s home last February, officers found programs typically used for credential stuffing attacks and files for nearly 40 million username and password pairs on Garrison’s computer. Investigators also found conversations between Garrison and co-conspirators about how to hack DraftKings.

“fraud is fun,” Garrison wrote in one message. “i’m addicted to see money in my account.”

“idk it ruined my life personally,” the co-conspirator replied.

“I’m like obsessed with bypassing sh–,” Garrison said. “im thinking of starting a shop myself.”

“I wouldn’t lol,” the co-conspirator responded. “u already under enough heat.”

During the investigation into the bomb threats, Garrison also allegedly admitted to investigators that he ran a website called the “Goat Shop,” which he said sold hacked accounts. Garrison said at its peak, the shop made $15,000 a day, and he estimated he made “around 800 grand at one point,” according to court documents.

“There is a part of me that suspects that he was just a conduit for much more sophisticated criminals on the dark web,” said Jordan Loeb, Garrison’s attorney in the Wisconsin case. “He was in that cyber bubble where everything that was happening on his computer was the normal world and set the norms of his behavior and outlook. What we see is, when school reopened in early 2022 and he’s back in the real world, he struggled. That’s the first time we really saw the clash of this cyber reality he had been living with societal norms.”

Garrison finished high school online and eventually enrolled in community college in Madison last year. He recently earned his driver’s license, but his felony record prevented him from getting a job at Target. Garrison has continued to work with a counselor, which has allowed him “to see the victims of this crime for exactly who they are: real people who were harmed. And he has taken steps to better himself and to begin to right the wrongs,” said Clay Kaminsky, Garrison’s attorney in the federal case.

On Wednesday, after Kaplan listened to Kaminsky argue about his client’s age and why he did not belong in jail, the judge asked Garrison whether he wanted to make any remarks.

The Chiefs and 49ers are going to Super Bowl LVIII. Here’s what to know.

“Your Honor, I’m very sorry,” Garrison said. “I have given you my letter, and I’m very nervous, and I don’t really have anything to add to that.”

Kaplan then spoke to the defendant’s parents in the gallery.

“Mr. and Mrs. Garrison, I want you to know how much I sympathize with you. You thought you did everything right. Maybe you did,” Kaplan said. “You did your best, I’m sure of that, and look what happened. Life has surprises for everyone.”

Along with the 18 months in jail, Garrison will owe $1.3 million in restitution payments to DraftKings and another $175,000 in asset forfeitures. He also will be subject to supervision for three years after his release. After Kaplan announced the sentence, Kaminsky asked Kaplan whether Garrison could voluntarily surrender in early June.

Kaplan agreed. It will allow Garrison to return to Wisconsin and finish his semester of community college, where he is studying cybersecurity.


Click Here For The Original Story From This Source.

National Cyber Security