DraftKings website hacked, two more arrested in $635,000 theft
Two more men were arrested Monday for hacking into DraftKings accounts and stealing about $635,000 from customers, according to federal prosecutors and media reports.
In total, approximately 60,000 accounts on the sports betting site were successfully compromised in 2022. Funds were withdrawn from approximately 1,600 accounts.
Using a scheme known as a credential stuffing attack, hackers gained access to the website after using a large number of credentials they had stolen in a previous data breach.
One of the suspects arrested was Nathan Austad, 19, of Farmington, Minnesota, who goes by the online alias "Snoopy" (from the Peanuts comic strip). He was arrested in Minnesota. Also arrested was Kamerin Stokes, 21, of Memphis, Tennessee, who goes by the alias "TheMFNPlug."
Explanation of credential stuffing
Federal prosecutors explained that credential stuffing attacks occur when someone "collects stolen credentials or username-password pairs (which can be purchased on the dark web) obtained by other companies from other large data breaches."
"Threat actors would then systematically attempt to use these stolen credentials to gain unauthorized access to the same user accounts at other companies and providers, thereby compromising that user's account using the same password," the authorities added.
A criminal complaint explains that the illegal access to victims' accounts was for sale on a website called "The Store." The store in Ostad is named after "Snoopy".
The suspects appear to have been aware that they might be under investigation. In May 2023, Ostad sent a message saying, "Everyone knows he is committing fraud."
In December 2022, an unnamed co-conspirator wrote: “Haha the FBI can’t do anything.”
Multiple Charges
Two suspects appeared in federal court Monday. If convicted, they face decades in prison.
They are each charged with conspiracy to commit computer intrusion, unauthorized access to a protected computer with intent to further defraud, access to a protected computer, conspiracy to commit wire fraud and aggravated identity theft.
Additionally, Austad allegedly had accounts containing approximately $465,000 in cryptocurrency, authorities said. The amount deposited into the account came from credential stuffing attacks and proceeds from the sale of stolen accounts.
Former defendant sentenced
In November, a third defendant, Joseph Garrison, 19, of Madison, Wisconsin, pleaded guilty in Manhattan federal court to conspiracy to commit computer intrusion. U.S. District Judge Lewis A. Kaplan is scheduled to sentence him Thursday. Garrison faces up to five years in prison.
Prosecutors said he told one of his co-conspirators in an online message that "fraud is fun."
But federal officials are taking the case seriously.
"Our office is working tirelessly to track down the perpetrators of cyber crimes," Manhattan U.S. Attorney Damian Williams said in a statement announcing the latest arrests.
Read also:
- Football 101: What is relegation in football?
- Las Vegas businesses hit hard by Formula 1 ask tourism board for $23 million
- Mexico bans slot machines in casinos and casinos across the country
- Quarterback Justin Fields returns to Chicago Bears in Week 11
Source: www.casino.org