By
Lisa Spencer
Senior Editor Updated: 02 December 2023
Lisa Spencer Senior Editor
As a Senior Editor at Betting.US, Lisa Spencer is a valuable member of our expert team. With a Master’s degree in Applied Mathematics, Lisa is adept in gambling theory and analyzing odds. She contributes by writing online sportsbook reviews and finding competitive markets to help our readers make an informed choice.
With cybercrime on the rise, many sportsbooks have fallen victim to digital crime, including leading operators such as DraftKings. Recently, an 18-year-old hacker from Madison, Wisconsin named Joseph Garrison pleaded guilty to conspiracy to commit computer intrusion. This plea was in connection to the theft of over $600,000 from approximately 1,600 DraftKings user accounts.
Garrison, who once bragged to an accomplice that “fraud is fun,” now faces the possibility of up to five years in a federal prison. The hacking incident took place on November 18, 2022, when Garrison and his coconspirators initiated a credential-stuffing attack on DraftKings’ sportsbook, as revealed by prosecutors.
This type of cyberattack involves using stolen login credentials, typically gained from large-scale corporate data breaches, and purchased on the Dark Web. The stolen credentials are then used to gain unauthorized access to user accounts where the same password is used.
Once inside the compromised accounts, Garrison and his associates managed to add new payment methods, deposit $5 to verify those methods, and then withdraw all existing funds from the accounts, according to court documents.
This malicious activity had dire consequences, causing DraftKings’ shares to plummet by 5 percent on the Nasdaq. This came as investors grew concerned about a potential loss of consumer confidence in the exceptionally popular sportsbook, which had recently expanded into several new U.S. state markets and is the second biggest sportsbook in the country.
The FBI’s raid on Garrison’s residence in February 2023 uncovered a range of evidence. Agents found credential-stuffing software that had been used to target numerous corporate websites. In addition, they found files containing nearly 40 million pairs of usernames and passwords stored on the suspect’s computer. Further investigations revealed conversations on Garrison’s phone discussing plans to hack and exploit the DraftKings website.
One message from Garrison to a coconspirator read:
Fraud is fun. I’m addicted to seeing money in my account. I’m like obsessed with bypassing shit.
During the Wisconsin investigation, it was revealed that Garrison had allegedly amassed over $2.1 million from cyber-fraud activities by the time he turned 18. Between 2018 and 2021, his illicit activities were reportedly generating an astonishing $15,000 per day.
Despite his age, this is not the first time Garrison has found himself in legal trouble, according to reports. Prior to the DraftKings attack, he had been charged with five counts of making bomb threats, three counts of making terrorist threats, and one count of attempted bomb threats.
These charges stemmed from Garrison’s habit of hiring third parties online to make threatening calls to his own school, Memorial High School in Madison. According to court documents, he justified these actions as a means to alleviate boredom and secure early dismissal.
Cybercrime and fraud have become a huge problem for businesses such as sportsbooks and casinos, affecting not only the companies but also their customers. While many have sophisticated protection in place, hackers and cybercriminals often find ways around these security measures.
Betting Bill Fails to Get Past Alabama Conference CommitteeRead ArticleLisa SpencerMay 18, 2024
North Carolina Lawmaker Introduces Bill to Ban College Prop BetsRead ArticleLisa SpencerMay 15, 2024
November Referendum on Sports Betting Likely in MissouriRead ArticleLisa SpencerMay 13, 2024