- One of my favorite foldables brings the flip phone back in the best way (and it's $200 off)
- I opened up a cheap 600W charger to test its build, and found 'goo' inside
- How to negotiate like a pro: 4 secrets to success
- One of the cheapest Android tablets I've ever tested replaced my iPad with no sweat
- I use this cheap Android tablet more than my iPad Pro - and don't regret it
Teen Charged in DraftKings Credential Stuffing Case
An 18-year-old Wisconsin man has been charged with a credential stuffing campaign against users of the popular US betting site DraftKings, in which he and others allegedly stole an estimated $600,000.
Joseph Garrison of Madison, Wisconsin, was charged yesterday with conspiracy to commit computer intrusions, unauthorized access to a protected computer to further intended fraud, unauthorized access to a protected computer, wire fraud conspiracy, wire fraud and aggravated identity theft. The charges carry a combined maximum sentence of 57 years.
Garrison is accused of launching the attack on DraftKings customers on November 18 last year.
Read more about credential stuffing: The North Face Warns of Major Credential Stuffing Campaign.
Using classic credential stuffing techniques, Garrison allegedly used stolen lists of usernames and password combos to try and simultaneously access accounts across the web that victims may have used the same logins for.
In this way he was able to access 60,000 DraftKings user accounts. In some cases, he was able to add a new payment method to an account, deposit $5 to verify that payment method and then withdraw all funds.
Using this MO, Garrison and his co-conspirators are said to have stolen around $600,000 from 1600 victim accounts, according to the US Attorney’s Office for the Southern District of New York. As reported by Infosecurity at the time, it was initially believed that just $300,000 was stolen from customer accounts.
Garrison’s home was searched by law enforcers in February, during which time they found credential stuffing software including 700 “config” files for dozens of targeted websites, as well as files containing 40 million login combos.
His smartphone allegedly also contained conversations with co-conspirators about how to hack the DraftKings accounts and extract funds.
In one conversation, he is alleged to have said: “Fraud is fun . . . im addicted to see money in my account.”
Editorial image credit: T. Schneider / Shutterstock.com
