23-year-old Kamerin Stokes of Memphis, Tennessee, was once sentenced to 30 months in jail for promoting get right of entry to to tens of hundreds of hacked DraftKings accounts.
In line with courtroom paperwork, the accounts have been hijacked by means of Nathan Austad (aka Snoopy) with the assistance of Joseph Garrison (a 3rd associate charged in Might 2023) in a large November 2022 credential-stuffing assault that compromised just about 68,000 DraftKings accounts.
U.S. prosecutors stated Austad and Garrison used a listing of credentials stolen in a couple of breaches to hack into DraftKings accounts, then bought get right of entry to to others who stole round $635,000 from more or less 1,600 compromised accounts.
Whilst they remodeled $2.1 million promoting a few of these hijacked DraftKings accounts (in addition to FanDuel and Chick-fil-A accounts) via their very own “retail outlets,” additionally they bought many in bulk to Stokes (additionally identified on-line as TheMFNPlug), who resold them via his personal “store.”
One month later, the sports activities having a bet massive stated it needed to refund masses of hundreds of bucks stolen from hacked accounts, in any case to be had price range have been withdrawn following the addition of a brand new fee manner and a $5 deposit to make sure its validity.
After being arrested, pleading accountable, and launched whilst looking ahead to trial, Stokes reopened his store with a brand new “fraud is a laugh” tagline and endured promoting get right of entry to to compromised accounts for quite a lot of outlets.
Prosecutors stated he additionally admitted “he were operating a lot of these retail outlets for 3 years” and that he relaunched the store as a result of he wanted cash to pay his legal professional.
“Kamerin Stokes victimized hundreds of customers of a web based having a bet web page regardless that [sic] a cyberattack,” U.S. Lawyer Jay Clayton famous in a Thursday press liberate.
“After pleading accountable to federal crimes, Stokes audaciously reopened his legal trade, advertised the usage of the tagline’ fraud is a laugh,’ and stated that he opened the brand new Store partially as a result of ‘gotta pay my legal professionals,’ regarding his prosecution on this case.”
After reopening his web page, Stokes was once once more remanded into federal custody after being arrested for violating the prerequisites of his pretrial liberate.
Along with 30 months in jail, Stokes was once given 3 years of supervised liberate and ordered to pay $1,327,061 in restitution and $125,965.53 in forfeiture.
AI chained 4 zero-days into one exploit that bypassed each renderer and OS sandboxes. A wave of recent exploits is coming.
On the Self sufficient Validation Summit (Might 12 & 14), see how self sustaining, context-rich validation unearths what is exploitable, proves controls hang, and closes the remediation loop.
