Joseph Garrison, one of the youths who staged cyber fraud involving DraftKings Sportsbook accounts in 2022, has pleaded guilty, accepting an 18-month prison sentence.
The 19-year-old was involved in a credential surfing attack. Along with other conspirators Garrison exploited system vulnerabilities to steal $600,000 from DraftKings users whose credentials had been stolen in other data breaches.
In total, over 1,600 sports betting accounts were affected. Garrison allegedly bragged to friends about the cyberattack, telling them that “fraud is fun.”
The cyberattack not only hurt many victims but also undermined confidence in DraftKings’ ability to protect its customers. As a result, the young man had to receive a sentence that reflected the caliber of the crime. According to attorney Damian Williams, “The sentencing underscores the urgent need for vigilance and the critical importance of our collective efforts in combating cyber threats and safeguarding digital integrity.”
Garrison Will Spend 3 Years on Supervised Release
As mentioned, Garrison is set to serve 18 months in prison. Following that, he will spend three years on supervised release.
In addition to his time in prison, Garrison will have to pay $1.3 million in restitution and $175,000 in forfeiture.
The DraftKings incident, however, is not the only time Garrison has been involved in legal trouble. The young man currently has a legal matter in Wisconsin where he allegedly used Bitcoin to pay another party that would call in several bomb threats to his school.
Two of Garrison’s Co-Conspirators Were Arraigned
In the meantime, Nathan Austad and Kamerin Stokes, two of Garrison’s alleged conspirators, were just arrested and arraigned. The latter allegedly paid Garrison to gain access to DraftKings Sportsbook accounts and then re-sold them online.
Austad, on the other hand, leveraged artificial intelligence to promote a shop of stolen user accounts. In addition to that, he allegedly managed cryptocurrency wallets that received approximately $465,000 in proceeds from credential-stuffing attacks and the sale of compromised data.
As a result of their alleged participation in the conspiracy, the two youths risk up to 20 years in prison.