Two additional men were arrested on Monday for hacking DraftKings accounts and and then stealing virtually $635K from its customers, according to federal prosecutors and military press reports.
In total, some 60K accounts were successfully compromised on the sports betting land site inwards 2022. Funds were taken from some 1,600 accounts.
By using a strategy known as a “credential dressing attack,” the hackers got access code to the situation after employing a large heel of credentials stolen from earliest information breaches.
Credential Stuffing Explained
Federal prosecutors explained that a credential stuffing tone-beginning is when someone “collects stolen credentials, or username and password pairs, obtained from other large-scale data breaches of other companies, which can buoy be purchased on the darkweb.”
The threat actor so consistently attempts to exercise those stolen credentials to obtain unauthorized get at to accounts held past the same user with other companies and providers, inwards tell to via media accounts where the user has maintained the same password,” the feds added.
One of the arrested suspects is Nathan Austad, 19, of Farmington, Minn., whose online false name is “Snoopy,” (from the Peanuts cartoon). He was arrested inward Minnesota.
Also, Kamerin Stokes, 21, of Memphis, Tenn., who has the false name of “TheMFNPlug,” was arrested in Tennessee.
In a criminal complaint, it was explained that illegal access to the victims’ accounts were sold on websites called “shops.”
Austad’s shop was named after “Snoopy” the Canis familiaris grapheme from the Peanuts comic strip.
The suspects seem to get realized they could be case to investigation.
In May 2023, Austad sent out a substance saying, “everyone knows their [sic] committing fraud.”
In December 2022, an unnamed co-conspirator inwards the plot of ground texted, “lol fbi can’t get along s**t.”
Numerous Charges
Both suspects appeared inward federal judicature on Monday. If convicted, they could face decades inward prison.
They are for each one charged with confederacy to commit data processor intrusions, wildcat get at to a protected electronic computer to further intended fraud, unauthorised approach to a saved computer, conducting wire hoax conspiracy, wire fraud, and aggravated indistinguishability theft.
In addition, Austad allegedly had accounts in which were deposited nearly $465K worth of cryptocurrency, feds said. It appeared the amounts placed inwards the accounts were from the credential dressing attacks and proceeds from the sales event of stolen accounts, feds added.
Prior Defendant To Be Sentenced
In November, a 3rd defendant, Joseph Garrison, 19, of Madison, Wis., pled shamefaced inwards Manhattan federal tribunal to confederacy to practice information processing system intrusion. On Thursday, he’s scheduled to live sentenced by U.S. District Judge Meriwether Lewis A. Kaplan. Garrison faces upwardly to 5 years inward prison.
He at one time told ace of his conspirators inward an online message that, “fraud is fun,” prosecutors said.
But federal officials are taking the pillowcase seriously.
Our office is relentless inwards tracking shoot down the perpetrators of cybercrime,” Manhattan U.S. Attorney Damian Williams said in a statement announcing the 2 recent arrests.
Experience the thrill of playing your favorite casino games at LPE88 - the most popular online casino platform in Malaysia! Join now and start winning. LPE88 boasts an extensive selection of games, from slots to table games, ensuring that every player can find something they love and have a chance at scoring impressive winnings.