- Joseph Garrison, 18, is believed to have used stolen log-ins and passwords to hack into over 60,000 accounts on the website last November
- He’s then accused of sending that information to other people, who used it to take over $600,000 in cash out of 1,600 accounts
- ‘Fraud is fun,’ court documents say Garrison texted a co-conspirator. ‘I’m addicted to seeing money in my account’
A Wisconsin teenager who at one point bragged ‘fraud is fun’ while hacking into the sports betting giant DraftKings to steal from over a thousand customers has pleaded guilty to just that.
Joseph Garrison, 18, is believed to have used stolen log-ins and passwords to hack into over 60,000 accounts on the website last November.
He’s then accused of sending that information to other people, who used it to take over $600,000 in cash out of 1,600 accounts in a process known as credential stuffing, according to federal prosecutors in Manhattan.
Garrison was extremely brazen about his attempts to illegally take cash out of peoples’ accounts.
‘Fraud is fun,’ court documents say Garrison texted a co-conspirator. ‘I’m addicted to seeing money in my account.’
DraftKings confirmed that customers’ had their accounts compromised, though they are not named in the suit.
The company claims that they have reimbursed all the money that was stolen from customers.
‘The safety and security of our customers’ personal and payment information is of paramount importance to DraftKings,’ a spokesperson said in a statement.
It’s not Garrison’s first run-in with the law, as he’s already facing a case back in Wisconsin for allegedly paying people to phone in bomb threats to his high school using BitCoin.
The product is known as ‘swatting’ and Garrison, according to the court documents, did it because he was ‘bored and wanted to go home.’
During the investigation in Wisconsin, it was discovered Garrison had made over $2.1million by the time he was 18, making $15,000 a day between 2018 and 2021.
Investigators searched Garrison’s home in February of 2023, where they allege finding programs used in credential stuffing.
He used over 700 individualized files to create a website to launch the attacks on his own computer.
Law enforcement located about 40 million username and password combinations on his computer.
Garrison pled guilty to one count of conspiring to commit computer intrusion, which carries a maximum sentence of five years in prison.
The case is being prosecuted by the Southern District of New York’s Frauds and Cybercrime Unit.
Assistant U.S. Attorneys Kevin Mead and Micah Fergenson are in charge of the prosecution.