Southern District of New York |  Two More Men Accused of Hacking Fantasy Sports and Betting Website

Damian Williams, United States Attorney for the Southern District of New York, and James Smith, Assistant Director of the New York Field Office of the Federal Bureau of Investigation (“FBI”), announced the release of a six-count criminal Complaint charging NATHAN AUSTAD, a/k/a “Snoopy,” and KAMERIN STOKES, a/k/a “TheMFNPlug,” in connection with a scheme to steal user accounts from a sports and betting website (the “Betting Website”), sell access to those accounts, and rob them of thousands of dollars. AUSTAD was arrested today in Farmington, Minnesota, and is expected to be arraigned later today before US Magistrate Judge David T. Schultz for the District of Minnesota. STOKES was arrested today in Memphis, Tennessee, and is scheduled to be arraigned later today before U.S. District Judge Annie T. Christoff for the Western District of Tennessee.

US Attorney Damian Williams said: “As alleged, Nathan Austad and Kamerin Stokes conspired to hack into the accounts of thousands of victims and sell access to their stolen accounts online. Our office is relentless in its pursuit of cybercriminals. Earlier this month, we announced the SDNY Whistleblower Pilot Program to encourage early and voluntary whistleblower disclosures. To all cybercriminals: call us before we call you.”

FBI Assistant Director James Smith said: “Cyberattacks are on the rise, targeting businesses of all sizes and putting financial security at risk. Nathan Austad and Kamerin Stokes are said to have been part of a cyber attack that led to the theft of tens of thousands of dollars from the accounts of victims. As these defendants found out, if you’re conducting a cyberattack for profit, you can bet the FBI will prosecute you.”

As stated in the Complaint:[1]

On November 18, 2022, AUSTAD, Joseph Garrison, and others launched a “credential stuffing attack” on the Betting Website. In a credential stuffing attack, a cyber attacker takes stolen credentials, or username and password pairs, obtained from other companies’ major data breaches, which can be purchased on the dark web. The threat actor then systematically tries the stolen credentials against other companies and providers to gain unauthorized access to accounts held by the same users, compromising accounts where the user has reused the same password. Here, in the attack on the Betting Website, there were several attempts to log into accounts on the Betting Website using a large list of stolen credentials.

AUSTAD and Garrison successfully accessed approximately 60,000 accounts on the Betting Website (“Victim Accounts”) through the credential stuffing attack. In some cases, people who gained unauthorized access to a Victim Account were able to add a new payment method to the account, deposit $5 into the account through the new payment method to verify the method, and then withdraw all available funds from the Victim Account through the new payment method (i.e., to the hacker’s newly added financial account), thereby stealing money from the Victim Account.

Access to Victim Accounts was sold on various sites that hosted stolen accounts, often referred to as “Shops.” AUSTAD and Garrison sold some of the Victim Accounts in Shops that each directly controlled, and AUSTAD’s Shop was named after Snoopy from the Peanuts comic strip.

[Image: AUSTAD’s Shop website, with the names of the affected companies redacted]

As for the other Victim Accounts, AUSTAD and Garrison sold them in bulk to the attackers, who in turn sold them on their own Shops. STOKES operated his own Shop, using the name “TheMFNPlug,” and bought many Victim Accounts from Garrison. Garrison and STOKES texted each other about what prices STOKES should charge and what Garrison’s cut of the sales should be. Garrison provided STOKES with Victim Accounts with a total account balance of over $125,000.

[Images: posts from STOKES’ Instagram account advertising Betting Website accounts for purchase on his Shop, with the Betting Website name redacted]

On December 2, 2022, AUSTAD posted a message about the discovery of the investigation, “all 3 should have prepared this before releasing it lol,” and another friend responded, “lol fbi can’t do bad things.” On May 19, 2023, AUSTAD sent a message about the investigation, “as we know the danger we started lol . . . everyone knows they are cheating.”

To publicize the success of his Shop that sold hacked accounts, AUSTAD used image generation tools to create images using the following prompts: “8k hyper-realistic digital art snoopy hacking in 8k hyper-realistic computer with hacker stuff on the screen,” “8k hyper realistic snoopy made with a jet but instead of a smokestack it has money ways,” and “100 bill hyper realistic but instead of a president it’s his problems.” AUSTAD also controlled cryptocurrency accounts that received approximately $465,000 in cryptocurrency, which appears to be proceeds of the attack and of selling stolen accounts.

Ultimately, AUSTAD, STOKES, Garrison, and others stole approximately $600,000 from approximately 1,600 Victim Accounts.

Garrison was previously arrested in connection with the attack on the Betting Website, and, on November 15, 2023, he pleaded guilty to conspiracy to commit computer hacking in connection with the attack. Garrison’s sentencing is scheduled for February 1, 2024, at 4:00 pm before US District Judge Lewis A. Kaplan.

******

AUSTAD, 19, of Farmington, Minnesota, and STOKES, 21, of Memphis, Tennessee, are each charged with (i) conspiracy to tamper with computers, which carries a maximum penalty of five years in prison; (ii) unauthorized access to a protected computer in furtherance of fraud, punishable by up to five years in prison; (iii) unauthorized access to a protected computer, which carries a penalty of five years in prison; (iv) wire fraud conspiracy, punishable by up to 20 years in prison; (v) wire fraud, which carries a maximum penalty of 20 years in prison; and (vi) aggravated identity theft, which carries a mandatory sentence of two years in prison.

The minimum and maximum penalties are prescribed by Congress and are provided here for informational purposes only, as any sentence for the defendants will be determined by a judge.

Mr. Williams praised the great work of the FBI. Mr. Williams also thanked the New York City Police Department, the US Secret Service, and the US Attorney’s Offices for the District of Minnesota and the Western District of Tennessee for their assistance in the investigation.

The case is being investigated by the Office’s Complex Frauds and Cybercrime Unit. Assistant US Attorneys Kevin Mead and Micah Fergenson are handling the case.

The allegations contained in this Complaint are mere allegations, and the defendants are presumed innocent unless convicted.


[1] As the preamble indicates, the entire wording of the Complaint and the description of the Complaint contained herein are allegations only, and each fact set forth therein shall be construed as an accusation.
