MARKETREALIST.COM / NEWS

Teenage Hacker who Thinks Fraud is Fun Uses Stolen DraftKings Login Data for Audacious Cyber Heist

Garrison's audacious act involved stealing more than $600,000 from over 1,000 unsuspecting customers, leaving the sports betting industry in shock

BY KOMAL BANCHHOR

PUBLISHED DEC 7, 2023

Cover Image Source: istockphoto/Photo by: dem10

Betting on matches comes with its fair share of opportunities as well as risks, but in the digital landscape plagued by cybercrime, platforms face as much risk as their users. In a startling turn of events, 18-year-old Joseph Garrison from Wisconsin has pleaded guilty to orchestrating a sophisticated cyber heist targeting sports betting giant DraftKings. Garrison's audacious swindle involved stealing more than $600,000 from over 1,000 unsuspecting customers, leaving the sports betting industry in shock.

The teenager first stole login credentials and then used them to infiltrate the accounts of more than 60,000 DraftKings users in November of last year. He also shared this sensitive information with accomplices who engaged in a fraudulent practice known as "credential stuffing." This method involves using stolen credentials to gain unauthorized access to multiple accounts, resulting in the withdrawal of substantial amounts of cash.

Court documents reveal Garrison's brazen attitude towards his criminal activities, as he reportedly described fraud as fun and wrote that he was addicted to money in his account, in texts to accomplices. These messages reveal the disturbing thrill he derived from exploiting unsuspecting victims.

DraftKings confirmed the security breach and reiterated its commitment to customer safety. Although the affected customers remain unnamed, the company assured that all stolen money had been refunded. A DraftKings spokesperson stated that the safety and security of customer data is a priority for the platform.

This incident sheds light on the broader issue of cybersecurity in online sports betting, highlighting the vulnerability of platforms to determined hackers. The aftermath of Garrison's actions serves as a stark reminder of the constant need for stringent security measures and the importance of user vigilance.

This is not Garrison's first encounter with the law, as he has faced charges in Wisconsin related to a dangerous practice known as "swatting." As part of that act, Garrison allegedly paid individuals to make bomb threats to his high school using Bitcoin. Court documents suggest that he engaged in swatting because he was "bored and wanted to go home."

Further investigations into Garrison's activities revealed a concerning pattern of behavior. It was uncovered that he had amassed over $2.1 million by the age of 18, earning a staggering $15,000 per day between 2018 and 2021. Law enforcement officials, during a search of Garrison's home in February 2023, discovered programs associated with credential stuffing and approximately 40 million username and password combinations on his computer.

Garrison has pleaded guilty to one count of conspiracy to commit computer burglary, a charge that carries a maximum penalty of five years in prison. His sentencing is scheduled for a later date.

As the online landscape continues to evolve, this incident emphasizes the critical need for robust cybersecurity measures to protect users and maintain the integrity of digital platforms. The DraftKings case serves as a cautionary tale, prompting both companies and individuals to remain vigilant in the face of evolving cyber threats, or else they stand to lose a lot more than what they bargained for while taking their chances with online betting.