Man bragged 'fraud is fun' before allegedly hacking website
A Wisconsin teen bragged “fraud is fun” before allegedly hacking user accounts on a sports betting website and helping others steal $600,000, Manhattan federal prosecutors charged Thursday.
Joseph Garrison, 18, is accused of swiping the login information of 60,000 accounts in the Nov. 18 cyberattack, and then selling the data, allowing others to steal money from some of the users, the feds alleged.
In total, the Madison man allegedly helped others loot the $600,000 from a total of 1,600 users — with at least 30 of those accounts belonging to New Yorkers, prosecutors said.
Before Garrison carried out the major hack, he bragged in messages to one of his co-conspirators on Sept. 16 that “fraud is fun,” adding that he’s “addicted to see [sic] money in my account,” according to the criminal complaint against him.
Authorities got wind of the “credential stuffing attack” scheme after workers at the sports betting site bought stolen credentials and received detailed instructions and screenshots about how to steal money from the user accounts, the feds alleged.
An undercover agent bought login information for two accounts on Jan. 9 for $11 and was also given instructions and screenshots about how to pilfer user money, the complaint states.
Joseph Garrison has been arrested in an alleged hacking scheme on a sports betting website. Dane County Sheriff's Office
When law enforcement searched Garrison’s home in February, they found programs used for credential stuffing attacks and files containing nearly 40 million username and password combinations, prosecutors said.
Investigators also found messages on Garrison’s phone discussing with his co-conspirators how to hack the betting site and how to make money off it, the filing claims.
In one message, Garrison allegedly boasted about how good he was at credential stuffing attacks, saying he loved to do it and thought he would never get caught, the feds said.
Garrison allegedly hacked into user accounts on the site and then sold the credentials for others to steal the users’ account money. Joseph Garrison / Twitter
In June 2022, Garrison allegedly admitted to Madison police a hacking scheme he carried out from 2018 through 2021, claiming he made around $15,000 on a good day and that he pocketed $800,000 total, the complaint states.
But when the feds went through his phone, they found a screenshot showing that he’d made over $2 million in sales in that scheme, the complaint alleges.
He also told the Wisconsin cops that he stopped hacking in 2021, the complaint claims.
Roughly $600,000 was stolen from 1,600 accounts, the feds say. Getty Images/iStockphoto
Garrison is charged with conspiracy to commit computer intrusions, unauthorized access to a protected computer to further intended fraud, unauthorized access to a protected computer, wire fraud and aggravated identity theft.
He faces up to 20 years behind bars if convicted on the top count.
“As alleged, Garrison used a credential stuffing attack to hack into the accounts of tens of thousands of victims and steal hundreds of thousands of dollars,” US Attorney Damian Williams said in a statement.
“Today, thanks to the work of my Office and the FBI, Garrison learned that you shouldn’t bet on getting away with fraud.”
Garrison turned himself in on Thursday.
His lawyer, Clay Kaminsky, declined to comment.
Source: New York Post
