- Joseph Garrison, 18, allegedly used stolen logins and passwords to hack more than 60,000 accounts on the gambling website last November
- He is then accused of sending that information to other people, who used it to withdraw more than $600,000 in cash from 1,600 accounts.
- “Fraud is fun,” Garrison texted a co-conspirator. ‘I’m addicted to seeing money in my account’
A Wisconsin teenager who at one point bragged about “fraud is fun” as he hacked the sports betting giant DraftKings to steal from more than 1,000 customers has pleaded guilty.
18-year-old Joseph Garrison is said to have used stolen logins and passwords to hack into more than 60,000 accounts on the website last November.
He is then accused of sending that information to others, who used it to withdraw more than $600,000 in cash from 1,600 accounts in a process known as “credential stuffing,” according to federal prosecutors in Manhattan .
Garrison was extremely brazen about his attempts to illegally take money out of people’s accounts.
“Fraud is fun,” Garrison texted a co-conspirator, court documents say. “I’m addicted to seeing money in my account.”
Joseph Garrison, 18, allegedly used stolen logins and passwords to hack into more than 60,000 accounts on the website last November
DraftKings confirmed that customers’ accounts had been compromised, although they are not named in the lawsuit.
The company claims they have refunded all the money stolen from customers.
“The safety and security of our customers’ personal and payment information is of the utmost importance to DraftKings,” a spokesperson said in a statement.
This isn’t Garrison’s first run-in with the law, as he has been charged in Wisconsin for allegedly paying people to relay bomb threats to his high school using BitCoin.
The product is known as “swatting” and Garrison did it because he was “bored and wanted to go home,” according to court documents.
During the Wisconsin investigation, it was discovered that Garrison had earned more than $2.1 million by the time he was 18, earning $15,000 per day between 2018 and 2021.
Investigators searched Garrison’s home in February 2023, where they claim to have found programs used in credential stuffing.
He used more than 700 individualized files to create a website where he could carry out the attacks on his own computer.
He is then accused of sending that information to others, who used it to withdraw more than $600,000 in cash from 1,600 accounts in a process known as credential stuffing, federal prosecutors in Manhattan said.
Law enforcement officials found approximately 40 million username and password combinations on his computer.
Garrison pleaded guilty to one count of conspiracy to commit computer burglary, which carries a maximum penalty of five years in prison. He will be sentenced at a later date.
The case is being prosecuted by the Southern District of New York Frauds and Cybercrime Unit.
Assistant U.S. Attorneys Kevin Mead and Micah Fergenson are leading the prosecution.