“Fraud is Fun”: Famous Last Words of Convicted Sports Betting Hacker

“Fraud is Fun”: Famous Last Words of Convicted Sports Betting Hacker

If you are ever going to pursue a life of crime, it would be wise to keep your wits about you and not brag about your criminal activities to anyone. For Wisconsin teenager and now convicted felon Joseph Garrison, keeping his wits about him was not in the cards. After stealing hundreds of thousands of dollars from DraftKings sportsbook accounts, the 19-year old reportedly bragged to friends that “fraud is fun.”

This week, Garrison faced the music as he entered a guilty verdict in the fraud case and is now facing up to 5 years in Federal Prison. He is scheduled to be sentenced in January, but the story of his hacking efforts will live in the nightmares of his victims forever.

A Not-So-Sophisticated Fraud Worth Over $500,000

The most crucial takeaway from this story is that everyone should utilize different passwords for different online accounts. Garrison was able to succeed in his hack because well over half of people do not go through the effort of having unique passwords for their various online accounts. The method utilized in this hack is known as “credential stuffing.” Credential stuffing works by using stolen account information from an individual in order to access that same person’s accounts on other sites; in this case, DraftKings Sportsbook. As an example, if your username and password for your Netflix account was compromised at some point, it is likely that your username (often an email) and password are now in the hands of nefarious actors. Once these criminals have your name, email, and at least one password you have used in the past, they can then attempt to use that information to log in to other accounts, such as bank accounts and online betting profiles.

All said, sportsbook accounts on Draftkings had more than $600,000 stolen from them. As for how much of that Joseph Garrison and his co-conspirators are responsible for, that number is around $300,000 that law enforcement officials know about.

Last February, law enforcement descending upon Garrison’s residence and found loads of programs and files relating to credential stuffing. In addition, police were able to uncover messages sent between Garrison and co-conspirators explaining exactly how to hack compromised DraftKings accounts. That same co-conspirator, who has not been named, explained that Garrison claimed he was addicted to seeing money coming into his account, saying that fraud was fun.

DraftKings is Not Alone

Though the DraftKings Sportsbook hack might be the biggest of 2023, it is far from the only one we have heard about. FanDuel, another massive sportsbook operator in the United States, was also hacked this year, however only about 100 customers had their accounts compromised. A far cry from the thousands of victims at DraftKings.

In the physical gambling realm, both Caesars and MGM were targeted by online hackers earlier this year. The hack ended up costing over $100 million and saw the casino operators pay hackers more than $15 million in ransom money. With online sports betting and online gambling in general growing larger in the US every year, we can expect that hacking events like these will be on the rise. The question for players is whether or not their information can be protected and, if so, which sportsbooks offer the most protection for bettors.

Author: Nicholas Murphy