Bookmark and Share

Hackers sometimes seek to make the world a better place with their digital fury. Other times, to the shock of the world, they end up being children who find their way into realms far beyond their years. Such is the case with hacker group UGNazi and a social engineering mastermind Cosmo. UGNazi wreaked havoc across a broad spectrum of society in the US from 2012-1014. From government officials and organizations to the Wounded Warrior Project, no target seemed to be off limits. Several key elements regarding Cosmos and UGNazi will be discussed below.

Accidental Intro:

Cosmos, otherwise known as Eric Taylor, was just like any other 11 year old playing Xbox, when one day his game got cut short unexpectedly by the actions of another player (1). He lost what he had built up the game through some scheme using software. He wasn’t going to be outdone. He was hungry to find out how this happened and eventually got to the bottom of it. This was a new beginning. Cosmos figured out how to access the accounts of other players. He then moved on to accessing accounts for other types of companies (1).

Social Engineer:

Once he got a taste for circumventing corporate systems, Cosmo was off to the races. A social engineer was born. Social engineering is manipulating people and their data to gain access to their accounts (3). Cosmo was incredible at it. Perhaps aided by his youthful ignorance and zest to push beyond the limits a seasoned adult would dare tread. Cosmo was able to access almost any type of account from Gmail to Paypal. Cosmo would use various websites to retrieve data about people, such as name, address and social, then he would use the data to reset the passwords on their accounts. Once he had the passwords reset, he was in control of what happened from there. In an interesting twist, Cosmo coming forward to be interviewed after his arrest actually lead AOL and PayPal to close security loops he exposed (1).

Taking on Giants:

One of Cosmos friends, Josh the god, was well aware of his skills. He invited Cosmos to be a part of something much greater than the small time fraud activities Cosmo was involved in (1). Josh and his new hacker group, UGNazi, wanted to take on the CIA and other organizations he felt like were doing the wrong things. Cosmo was easily swayed and UGNazi suddenly became the powerhouse Josh must’ve envisioned. They hacked the UFC, the CIA, and even Pappa John’s Pizza. UGNazi also regularly published high profile government officials and celebrities online through a site they controlled called Exposed.su (4).

Arrest:

Cosmos was arrested before he even turned 16. He was living with his grandmother at the time in Longbeach, California (1). While it was unclear initially what all he would be charged with, in the end it didn’t seem to matter much. He initially received 2 years’ probation with the final tally actually being 3 years’ probation (4). Other than a few uncomfortable nights in a juvenile detention center, Cosmo didn’t have to spend any time in jail.

Summary:

The boldness of teens often can be underestimated as far as its effectiveness. When masked through digital communication and over the phone, Cosmo and UGNAZI were able to bring giants in America to their knees, momentarily anyway. A spotlight on injustice, if only for a moment, seemed to be what UGNazi was after. Cosmo’s relentless social engineering achieved its short term goals and did not cost him his freedom or the opportunity to have a fresh start after becoming an adult. For all of the effectiveness of short-term actualization UGNAzi may have experienced, exposing the security loopholes in some of the largest companies in the world, may well have had the lasting impact of making the world a little safer.

To learn about other hackers and their stories check out Careers in Cybersecurity’s Blog!

References:

  1. https://www.wired.com/2012/09/cosmo-the-god-who-fell-to-earth/
  2. https://www.forbes.com/sites/andygreenberg/2012/05/22/hackers-impersonate-web-billing-firms-staff-to-spill-500000-users-passwords-and-credit-cards/#7f14fb37ae64
  3. https://www.webroot.com/us/en/resources/tips-articles/what-is-social-engineering
  4. https://www.bleepingcomputer.com/news/security/ugnazi-hacker-who-doxed-trump-clinton-obama-and-others-gets-no-prison-time/