Social engineer whiz kid Cosmo gets six-year Internet ban

Cosmo, the 15 year-old member of the hacking crew UG Nazi began a six-year Internet lock down this week after striking a plea bargain over a host of crimes, including an international credit card fraud bust led by the FBI last year that extended to Australia.

Cosmo was sentenced in a Californian juvenile court last week which banned him from using the internet without permission from his parole officer, according to a report by Wired.

Cosmo’s arrest was announced in late June as part of the FBI’s two-year “Operation Card Shop” investigation. However the young hacker, known for his ability to trick tech support staff into giving up customer credentials, was arrested in late May. Authorities from Australia made up one of seven nations’ law enforcement that conducted search warrants related to the operation.

One of the more well-known escapades UG Nazi pulled off using social engineering techniques inspired by Cosmo was re-directing 4Chan message board visitors to UG Nazi’s Twitter page. UG Nazi were able to do this after compromising 4Chan’s CDN provider, CloudFlare, in an attack that side-stepped Google App’s two-factor authentication.

A member of UG Nazi had tricked a support representative from US carrier AT&T into changing the forwarding number for messages to CloudFlare’s CEO, Matthew Prince, unravelling the account recovery steps tied to his Google Apps account.

The attack on 4Chan followed Cosmo’s reported arrest in late May. Cosmo was arrested following the breach of UK billing software company WHMCS, which was made possible after UG Nazi -- and possibly Cosmo -- tricked the software firm’s web host into coughing up credentials for the WHMCS server that was the source of a 1.7GB leak and included credit card details.

The juvenile hacker avoided a three-year prison term by agreeing to the six-year Internet lockdown probation, which prevents him from unsupervised access to the Internet and limits his usage to education-related activities. He must also disclose all passwords, logins and internet-connected devices until he turns 21 and is banned from communicating with UG Nazi and Anonymous, according to the Wired report.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Tags internetCosmo


Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

AVG Internet Security 2011 Business Edition

Ultimate protection for your small or medium-sized business

Latest Jobs
Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.