Nathan Austad, Hacking Fantasy Sports And Betting Website, New York 2022

Two Men Charged with Hacking Fantasy Sports And Betting Website in New York

Damian Williams, the United States Attorney for the Southern District of New York, and James Smith, the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation, announced the unsealing of a six-count criminal complaint charging Nathan Austad, a/k/a ‘Snoopy,’ and Kamerin Stokes, a/k/a ‘TheMFNPlug,’ in connection with a scheme to hack user accounts at a fantasy sports and betting website.

According to the complaint, Austad and Stokes were involved in a scheme to hack into the accounts of tens of thousands of victims and then sell access to those stolen accounts online. Austad was arrested today in Farmington, Minnesota, and is expected to be presented later today before U.S. Magistrate Judge David T. Schultz in the District of Minnesota. Stokes was arrested today in Memphis, Tennessee, and is expected to be presented later today before U.S. Magistrate Judge Annie T. Christoff in the Western District of Tennessee.

U.S. Attorney Damian Williams said, ‘As alleged, Nathan Austad and Kamerin Stokes were involved in a scheme to hack into the accounts of tens of thousands of victims and then sell access to those stolen accounts online. Our office is relentless in tracking down the perpetrators of cybercrime.’ Williams added, ‘Earlier this month, we announced an SDNY Whistleblower Pilot Program to encourage early and voluntary self-disclosure of criminal activity. To all cybercriminals: call us before we call you.’

FBI Assistant Director in Charge James Smith said, ‘Cyberattacks are growing increasingly more sophisticated, targeting all manner of businesses and posing a great risk to economic security. Nathan Austad and Kamerin Stokes were allegedly part of a cyber intrusion that resulted in hundreds of thousands of dollars being stolen from victims’ accounts.’

As alleged in the complaint, Austad and Stokes launched a credential stuffing attack on the fantasy sports and betting website on November 18, 2022. During the attack, they collected stolen credentials, or username and password pairs, obtained from other large-scale data breaches of other companies, which can be purchased on the darkweb. They then systematically attempted to use those stolen credentials to obtain unauthorized access to accounts held by the same user with other companies and providers, in order to compromise accounts where the user has maintained the same password.

Austad and Stokes successfully accessed approximately 60,000 accounts at the fantasy sports and betting website through the credential stuffing attack. In some instances, the individuals who unlawfully accessed the accounts were able to add a new payment method, deposit $5 into that account through the new payment method, and then withdraw all the existing funds in the account through the new payment method, thus stealing the funds in the account.

Access to the accounts was sold on various websites that traffic in stolen accounts, which are frequently referred to as ‘Shops.’ Austad and Stokes sold some of the accounts on shops that they each directly controlled, and Austad’s shop was named after the character Snoopy from the Peanuts comic strip.

Related Federal Cases