While his alleged co-conspirators are only just starting their criminal cases with the Department of Justice, Joseph Garrison accepted an 18-month prison sentence for his role in the 2022 credential stuffing cyberattack on DraftKings Sportsbook.
The 19-year-old pled guilty to one count of conspiring to commit computer intrusion in November 2023.
“Joseph Garrison and his co-conspirators orchestrated a bold credential stuffing attack – collecting stolen usernames and password pairs from other large-scale data breaches – by exploiting vulnerabilities to siphon approximately $600,000 from unsuspecting victims. Such attacks not only breach personal security but erode trust in online platforms. Today’s sentencing underscores the urgent need for vigilance and the critical importance of our collective efforts in combatting cyber threats and safeguarding digital integrity,” said U.S. Attorney Damian Williams.
After his prison stint, Garrison will serve three years of supervised release. He is also ordered to pay over $1.3 million in restitution and $175,000 in forfeiture. Garrison and his alleged co-conspirators hacked more than 1,600 sports betting accounts and stole over $600,000, prompting Garrison to tell his friends, “fraud is fun.”
Garrison still has another pending legal matter in Wisconsin related to bomb threats called into a local high school. Garrison entered a not guilty plea on the matter in the fall of 2022. Garrison is alleged to have paying a third party in Bitcoin to call in several bomb threats to his school.
Meanwhile, the charged co-conspirators in the case were arrested and arraigned earlier this week. Nathan Austad and Kamerin Stokes face multiple charges in connection to the attack, including conspiracy to commit computer intrusion.
