Joseph Garrison, a participant in a cyber fraud scheme involving DraftKings Sportsbook accounts in 2022, has pleaded guilty and accepted an 18-month prison sentence. The 19-year-old was part of a group that carried out a credential surfing attack, exploiting system vulnerabilities to steal $600,000 from DraftKings users whose credentials had been stolen in previous data breaches. Over 1,600 sports betting accounts were affected by their actions.
Garrison reportedly bragged to friends about the cyberattack, boasting that “fraud is fun.” This not only harmed numerous victims but also damaged confidence in DraftKings’ ability to protect its customers. Attorney Damian Williams emphasized the importance of collective efforts in combating cyber threats and safeguarding digital integrity, stating that the sentencing underscores the urgent need for vigilance.
In addition to serving 18 months in prison, Garrison will spend three years on supervised release and have to pay $1.3 million in restitution and $175,000 in forfeiture. However, this is not Garrison’s first brush with legal issues. He also faces allegations in Wisconsin for using Bitcoin to pay someone to call in bomb threats to his school.
Meanwhile, two of Garrison’s alleged co-conspirators, Nathan Austad and Kamerin Stokes, have been arrested and arraigned. Stokes allegedly paid Garrison to gain access to DraftKings Sportsbook accounts and then sold them online, while Austad used artificial intelligence to promote a shop of stolen user accounts and managed cryptocurrency wallets that received approximately $465,000 in proceeds from their illegal activities. Both youths face up to 20 years in prison for their alleged participation in the conspiracy.