http://www.wired.com/gadgetlab/2012/09/cosmo-the-god-who-fell-to-earth/ By Mat Honan Gadget Lab Wired.com September 11, 2012 Cosmo is huge — 6 foot 7 and 220 pounds the last time he was weighed, at a detention facility in Long Beach, California on June 26. And yet he’s getting bigger, because Cosmo — also known as Cosmo the God, the social-engineering mastermind who weaseled his way past security systems at Amazon, Apple, AT&T, PayPal, AOL, Netflix, Network Solutions, and Microsoft — is just 15 years old. He turns 16 next March, and he may very well do so inside a prison cell. Cosmo was arrested along with dozens of others in a recent multi-state FBI sting targeting credit card fraud. It is the day before his court date, but he doesn’t know which task force is investigating him or the name of his public defender. He doesn’t even know what he’s been charged with. It’s tough to narrow it down; he freely admits to participation in a wide array of crimes. With his group, UGNazi (short for “underground nazi” and pronounced “you-gee” not “uhg”), Cosmo took part in some of the most notorious hacks of the year. Throughout the winter and spring, they DDoS’ed all manner of government and financial sites, including NASDAQ, ca.gov, and CIA.gov, which they took down for a matter of hours in April. They bypassed Google two step, hijacked 4chan’s DNS and redirected it to their own Twitter feed, and repeatedly posted Mayor Michael Bloomberg’s address and Social Security number online. After breaking into one billing agency using social-engineering techniques this past May, they proceeded to dump some 500,000 credit card numbers online. Cosmo was the social engineer for the crew, a specialist in talking his way past security barriers. His arsenal of tricks held clever-yet-idiot-proof ways of getting into accounts on Amazon, Apple, AOL, PayPal, Best Buy, Buy.com, Live.com (think: Hotmail, Outlook, Xbox) and more. He can hijack phone numbers from AT&T, Sprint, T-Mobile and your local telco. “UGNazi was a big deal,” Mikko Hypponen, the chief security researcher at F-Secure, told Wired via email. “The Cloudflare hack was a big deal. They could have done much more with that technique.” So, yes, he is Cosmo the God. But before he was Cosmo, he was Derek*. And while Cosmo may be a god, Derek is just a kid. A high school dropout. A liar, fraud, vandal and thief. But ultimately a kid, without much adult supervision or guidance. I met Cosmo by accident and opportunity, after hackers used social-engineering techniques to circumvent Apple’s and Amazon’s security mechanisms and break into my accounts. They wrought enormous damage, wiping my computer, phone and tablet, deleting my Google account, and hijacking my Twitter account. [...] -- #HITB2012KUL - The 10TH ANNUAL HITB Security Conference in Malaysia with no keynotes, no labs - just three tracks filled with our most popular speakers from the last decade: http://conference.hitb.org/Received on Wed Sep 12 2012 - 02:07:47 PDT
This archive was generated by hypermail 2.2.0 : Wed Sep 12 2012 - 02:19:20 PDT