Two young men, Nathan Austad, 19, from Farmington, Minnesota, and Kamerin Stokes, 21, from Memphis, Tennessee, have been charged for their involvement in the cyberattack on DraftKings in November 2022. Their alleged misuse of illegally obtained data led to personal gain through the sale of confidential information and harm to the operator and its clients. Joseph Garrison, a third co-conspirator, has already pleaded guilty to his involvement in the attack.
The FBI has presented substantial evidence against Austad and Stokes, who were arrested on January 29. They face charges including conspiracy to commit computer intrusion, unauthorized access to a computer, wire fraud, wire fraud conspiracy, and aggravated identity fraud. If convicted, they could face up to 20 years in prison. Their attack targeted approximately 60,000 DraftKings accounts, gaining illegal access via other data breaches.
The attackers used various tactics, including registering new payment methods, to withdraw funds from victim accounts. They also sold access to the compromised accounts in bulk through underground shops. Stokes reportedly purchased access to accounts in bulk from Joseph Garrison, amounting to over $125,000 in total value, and sold them via his online shop.
Stokes advertised the compromised accounts on his shop through Instagram, contributing to the FBI’s investigation into the case. Authorities highlighted Austad’s use of artificial intelligence image generation tools to create images promoting his shop of stolen user accounts. Additionally, he managed cryptocurrency wallets that received approximately $465,000 in proceeds from credential-stuffing attacks and the sale of compromised data.
Joseph Garrison, a core member of the hacking group, was indicted on May 18, 2023, for his involvement in the scheme. Garrison had already surrendered and pleaded guilty in November, awaiting sentencing on February 1. Austad, Stokes, Garrison, and other collaborators are estimated to have collectively stolen about $600,000 from approximately 1,600 victim accounts.
DraftKings has reimbursed all the stolen money from customers and emphasized the importance of the security of clients’ personal and financial information. The operator is another high-profile victim of cyberattacks and has taken extensive measures to prevent similar occurrences. Such attacks can have more than just a financial cost, damaging the company’s reputation.
The incident highlights the ongoing threats and challenges for online platforms, especially those in the gambling and fantasy sports sectors. Credential stuffing attacks remain a significant risk, emphasizing the need for robust security measures and user education to prevent unauthorized access to accounts. Hopefully, more operators will take notice of this case and take preemptive action, ensuring the safety of their customers.

By admin