With his group, UGNazi (short for “underground nazi” and pronounced “you-gee” not “uhg”), Cosmo took part in some of the most notorious hacks of the year. Throughout the winter and spring, they DDoS’ed all manner of government and financial sites, including NASDAQ, ca.gov, and CIA.gov, which they took down for a matter of hours in April. They bypassed Google two step, hijacked 4chan’s DNS and redirected it to their own Twitter feed, and repeatedly posted Mayor Michael Bloomberg’s address and Social Security number online. After breaking into one billing agency using social-engineering techniques this past May, they proceeded to dump some 500,000 credit card numbers online. Cosmo was the social engineer for the crew, a specialist in talking his way past security barriers. His arsenal of tricks held clever-yet-idiot-proof ways of getting into accounts on Amazon, Apple, AOL, PayPal, Best Buy, Buy.com, Live.com (think: Hotmail, Outlook, Xbox) and more. He can hijack phone numbers from AT&T, Sprint, T-Mobile and your local telco.
One of their initial targets was UFC.com–the website of the Ultimate Fighting Championship–in retaliation for its support of SOPA. (They did the same to Coach.com.) Once Cosmo gathered the necessary background information on UFC’s president, Dana White, they were able to get into the company’s account with Network Solutions. Via Network Solutions, they redirected the DNS to one they controlled. Bang.
SOPA, of course, died. But UGNazi lived on. They took down the websites for the states of California and Washington and the cities of New York and Washington D.C. They took out Papa John’s website after it failed to deliver a pizza in a timely manner. They hacked into MyBB.com, the back-end that many websites use to power forums, and then hijacked its domain. They were pure mayhem.
“UGNazi was also remarkable in how they apparently had no limits on who to attack–the U.S. government, CIA, Wounded Warrior etc.” says Hypponen, “and no apparent [sense of] self preservation, which led to their demise. In this regard, UG and Lulzsec were similar.”
Cosmo is currently sitting in a prison and doesn’t even know which of the many hacks he’s about to be charged for. He’s also a 15 year old kid – the second teenager associated with hacking the UFC that we know about.