The United States Attorney’s Office has announced that two men have been arrested and charged in relation to a targeted hack which saw a criminal gang steal information and money from thousands of sports betting and daily fantasy sports accounts.
Damian Williams, the United States Attorney for the Southern District of New York, and James Smith, the Assistant Director in Charge of the New York Field Office of the FBI announced that Nathan Austad , a/k/a “Snoopy,” and Kamerin Stokes, a/k/a “TheMFNPlug,” have been charged in connection with the scheme.
It’s alleged that they worked in conjunction with Joseph Garrison, the 18-year-old man arrested in November of last year. Austad of Farmington, Minnesota, and Stokes of Memphis, Tennessee, are believed to have attempted to sell user information online.
U.S. Attorney Damian Williams said of the case:
“As alleged, Nathan Austad and Kamerin Stokes were involved a scheme to hack into the accounts of tens of thousands of victims and then to sell access to those stolen accounts online. Our office is relentless in tracking down the perpetrators of cybercrime. Earlier this month, we announced an SDNY Whistleblower Pilot Program to encourage early and voluntary self-disclosure of criminal activity. To all cybercriminals: call us before we call you.”
FBI Assistant Director in Charge James Smith said:
“Cyberattacks are growing increasingly more sophisticated, targeting all manner of businesses and posing a great risk to economic security. Nathan Austad and Kamerin Stokes were allegedly part of a cyber intrusion that resulted in hundreds of thousands of dollars being stolen from victims’ accounts. As these defendants found out, if you conduct a cyberattack for profit, you can bet the FBI can and will bring you to justice.”
User Data Stolen and Sold
Austad, Joseph Garrison, and others launched a “credential stuffing attack” on the betting operator’s website. During the attack, they stole credentials, username and password pairs and the attempted to sell them on the darkweb. They also allegedly used the same credentials to access accounts held by the same users with other companies and providers.
Austad and Garrison are believed to have successfully accessed approximately 60,000 accounts and added a new payment method on the account. They then deposited $5 into that account through the new payment method to verify that method, and then withdrew all the existing funds in the account through the new payment method.
Access to the the accounts were also sold on various websites that traffic in stolen accounts. Some were sold in bulk to co-conspirators such as Stokes. The accounts had a total listed account value of over $125,000. Stokes then advertised these accounts for sale on his Instagram account.
Austad, Stokes, Garrison, and others stole approximately $600,000 from around 1,600 accounts.
Garrison was previously arrested in connection with the attack and pled guilty to conspiracy to commit computer intrusion. Garrison’s sentencing is scheduled for February 1st, 2024 before U.S. District Judge Lewis A. Kaplan.
Image credit: Santeri Viinamäki / CC BY-SA 4.0
An experienced iGaming commentator and analyst based in New York City - Jenny reports on regulation and gambling industry news and events.