Cosmo, the Hacker ‘God’ Who Fell to Earth

Discussion in 'Science and Technology' started by Oracle, Sep 11, 2012.

  1. Oracle

    Oracle New Member

    Mar 31, 2010
    Likes Received:
    Bangalore, India

    Cosmo is huge — 6 foot 7 and 220 pounds the last time he was weighed, at a detention facility in Long Beach, California on June 26. And yet he’s getting bigger, because Cosmo — also known as Cosmo the God, the social-engineering mastermind who weaseled his way past security systems at Amazon, Apple, AT&T, PayPal, AOL, Netflix, Network Solutions, and Microsoft — is just 15 years old.

    He turns 16 next March, and he may very well do so inside a prison cell.

    Cosmo was arrested along with dozens of others in a recent multi-state FBI sting targeting credit card fraud. It is the day before his court date, but he doesn’t know which task force is investigating him or the name of his public defender. He doesn’t even know what he’s been charged with. It’s tough to narrow it down; he freely admits to participation in a wide array of crimes.

    With his group, UGNazi (short for “underground nazi” and pronounced “you-gee” not “uhg”), Cosmo took part in some of the most notorious hacks of the year. Throughout the winter and spring, they DDoS’ed all manner of government and financial sites, including NASDAQ,, and, which they took down for a matter of hours in April. They bypassed Google two step, hijacked 4chan’s DNS and redirected it to their own Twitter feed, and repeatedly posted Mayor Michael Bloomberg’s address and Social Security number online. After breaking into one billing agency using social-engineering techniques this past May, they proceeded to dump some 500,000 credit card numbers online. Cosmo was the social engineer for the crew, a specialist in talking his way past security barriers. His arsenal of tricks held clever-yet-idiot-proof ways of getting into accounts on Amazon, Apple, AOL, PayPal, Best Buy,, (think: Hotmail, Outlook, Xbox) and more. He can hijack phone numbers from AT&T, Sprint, T-Mobile and your local telco.

    “UGNazi was a big deal,” Mikko Hypponen, the chief security researcher at F-Secure, told Wired via email. “The Cloudflare hack was a big deal. They could have done much more with that technique.”

    So, yes, he is Cosmo the God. But before he was Cosmo, he was Derek*. And while Cosmo may be a god, Derek is just a kid. A high school dropout. A liar, fraud, vandal and thief. But ultimately a kid, without much adult supervision or guidance.

    I met Cosmo by accident and opportunity, after hackers used social-engineering techniques to circumvent Apple’s and Amazon’s security mechanisms and break into my accounts. They wrought enormous damage, wiping my computer, phone and tablet, deleting my Google account, and hijacking my Twitter account.

    After it happened I fell into their world and began communicating regularly with the very hacker who jacked me, a kid named Phobia. He introduced me to Cosmo, who wanted to tell me about all manner of other account vulnerabilities. And last month, I flew down to Long Beach to talk to him face to face.

    Read more @ Wired

Share This Page