November 17, 2023 at 11:15AM
Wisconsin teenager Joseph Garrison has pleaded guilty to his involvement in hacking a fantasy sports and betting website. Garrison launched a credential stuffing attack, gaining access to approximately 60,000 user accounts. Together with others, he stole around $600,000 from 1,600 victim accounts. Garrison faces up to five years in prison for conspiracy to commit computer intrusion.
From the meeting notes, it appears that Wisconsin teenager Joseph Garrison has pleaded guilty to his involvement in a scheme to access user accounts at a fantasy sports and betting website. On November 18, 2022, Garrison launched a credential stuffing attack against the site, gaining access to around 60,000 user accounts. Along with others, Garrison stole approximately $600,000 from about 1,600 victim accounts by adding a new payment method, depositing $5 into each account, and subsequently withdrawing all victim funds.
In February 2023, law enforcement searched Garrison’s home and found software commonly used for credential stuffing attacks on his computer, as well as approximately 700 config files for these applications. They also discovered nearly 40 million usernames and passwords that could be employed in credential stuffing attacks. During the search of Garrison’s phone, investigators found conversations related to hacking the betting website and profiting from the compromised accounts through either fund theft or selling the accounts to cybercriminals.
As a result, Garrison, a 19-year-old from Madison, Wisconsin, pleaded guilty to conspiracy to commit computer intrusion and could face up to five years in prison. The charges against Garrison were announced by the US Department of Justice on May 18, and he surrendered on the same day in New York, New York.
It is worth noting that the targeted website, though not mentioned in the court documents, appears to be DraftKings, as the site itself disclosed in November 2022 that approximately 68,000 user accounts were compromised in a credential stuffing attack.
Please let me know if there is any other information you would like me to extract from the meeting notes.