15yr Old Boy Who Hacked Security Systems of CIA, Google, PayPal, Amazon etc

Started by MyInfoStride, Oct 06, 2012, 10:27 PM


Is the Internet really secure nowadays? Do we really have secure systems? What does security really entail? Human or Machine factor! I stumbled across the article titled "The Hacker God Who Fell To Earth" which narrated the story of COSMO. I was perturbed with high-scale hacking he performed at just 15. Mat Honan says "He's just 15 but COSMO fooled the most sophisticated internet security systems, as well as Google, Paypal and the CIA". Read the full story below and share your comment:

COSMO was 6ft 7in (2m) the last time he was measured at a detention facility in California. But he's still growing because Cosmo – also known as Cosmo The God who weaseled his way past security systems at Amazon, Apple, AOL, PayPal, Netflix and Microsoft – is just 15 years old.

Arrested along with dozens of others in an FBI sting, he doesn't know what he's been charged with – it's tough to narrow it down – but freely admits to his participation in an array of crimes. He is currently awaiting a court date.

With his group UGNazi (short for Underground Nazi), Cosmo allegedly helped bring down sites linked to the Nasdaq stock market and the CIA. They even took out Papa John's website after it failed to deliver a pizza on time.

They've apparently bypassed Google's verification systems and posted New York mayor Michael Bloomberg's address and social security number on the internet. Then, after breaking into one billing agency, they dumped 500,000 credit card numbers online.

Cosmo expresses remorse for the people still having accounts compromised via methods he pioneered but, despite his impressive arsenal of tricks, he's still just a child.

I met him after hackers broke into my Apple and Amazon accounts. I fell into their world, where Cosmo told me about all manner of other account vulnerabilities – and that the FBI sting wasn't his first brush with the law.

'I also got, I guess you could say arrested, in October 2011,' he says. 'Someone called in a bomb threat to my school. They did it every day of the school week and on the fifth day they called in, said my name and that I had a gun. It was other hackers.'

Cosmo's name and address have long been published online, making him a target for other hackers jealous of his notorious reputation. 'Someone also swatted my house,' he says. 'It happens a lot to me.' Swatting is a prank where a hacker uses an internet call system to report a hostage situation, which scrambles emergency services to the victim's doorstep.

Cosmo got into hacking via online gaming. He discovered how to obtain opponents' details using off-the-shelf programmes such as Cain & Abel. Once he had a gamer's basic details, he could infiltrate other accounts.

'I called Netflix and it was so easy,' Cosmo says. 'They asked: "What's your name?" and I said: "Todd," gave them his e-mail address and they said: "Alright, your password is 12345," and I was signed in. I figured if Netflix could score, so could any big provider. Back then, Amazon was easier.' Some of Cosmo's techniques are incredibly complicated, such as the method he developed for getting into PayPal.

PAYPAL accounts are a trove of information. That information can, in turn, be used to obtain password resets on all sorts of other sites. What's more, once inside someone's PayPal account, you can rob them.

'You have to add a bank account,' explains Cosmo. 'You can make a virtual bank account on eTrade.com with info from FakeNameGenerator.com.'

Cosmo says he's incriminating himself before his trial to tell me about a specific AOL security loophole he wants closed. To get a password reset on a free AOL e-mail account, you have to give the over-the-phone tech support worker the first and last name and postcode. For a paid account, AOL asks for an address or the last four digits of the credit card on file. 'That's all you need to do,' adds Cosmo.

As a direct result of Cosmo coming forward, PayPal and AOL have now changed their account security procedures.

Cosmo squirms in his chair as we sit in his grandmother's living room. Her small apartment, with dark brown carpeting, is directly downstairs from his own. It's hot, even sitting next to a fan. There is a picture of Jesus on a table.

Cosmo lives in the apartment upstairs with his mother, who he says typically works six days a week. She gets home late in the evening. He doesn't speak to his father. When I look up their address on Crime Reports, it is right on the border of a zone where crime is extremely frequent and violent.

Cosmo was still sleeping when the police arrived at his apartment. Officers and a detective with the Long Beach Police Department searched his home and seized three of his netbooks and his iPod Touch. They put him in handcuffs and refused to let him change clothes. Then they took him to the Los Padrinos Juvenile Hall, where he spent the next two days. They raided his grandmother's home, too. I wonder how much of what Cosmo has told me is true. The only thing I am certain of is that online security is an illusion.

Source: wired.com via metroherald.ie