Teenagers can be unpredictable, but this one 15-year-old is downright scary. He’s a hacker who goes by the moniker Cosmo the God. He’s a highly skilled social engineer who is capable of stealing your digital life from right under you. And he doesn’t even have his driver’s licence yet.
They DDoS’ed all manner of government and financial sites, including NASDAQ, ca.gov, and CIA.gov, which they took down for a matter of hours in April. They bypassed Google two step, hijacked 4chan’s DNS and redirected it to their own Twitter feed, and repeatedly posted Mayor Michael Bloomberg’s address and Social Security number online. After breaking into one billing agency using social-engineering techniques this past May, they proceeded to dump some 500,000 credit card numbers online. Cosmo was the social engineer for the crew, a specialist in talking his way past security barriers.
Cosmo, who is currently being held in a juvenile detention centre, explains that many of these attacks he’s taken part in aren’t all that difficult — in many cases all he needed was a few pieces of information, like the last four digits of a social security number and an email address:
He would gather little bits of information here and there, collecting dox data from various online services, like addresses and credit card numbers, until he had what he needed to launch an attack. Often, he did that by calling a company’s tech support system and pretending to be a worker in another department. Sometimes he was able to pull that off by learning intimate details of a company’s back-end systems.