The hacker as juvenile delinquent

The hacker as juvenile delinquent is an old meme. Hackers today are organized criminals, terrorists, government-sponsored agents of destruction. So it’s almost refreshing to read a piece where a hacker is just a bored teenager who doesn’t fit into the system. Almost refreshing because, of course, he breaks things, or more specifically, into things.

“Cosmo,” the subject of this Wired piece, is quite good at breaking into people’s online accounts. He’s not a technical whiz – he’s a social hacker, able to talk people at important technology companies into doing things like changing passwords on accounts, so his friends can take them over and wreck lives. In fact, Cosmo happened to help wreck the life of the article’s author.

How much damage can today’s juvenile delinquent hackers do?

With his group, UGNazi (short for “underground nazi” and pronounced “you-gee” not “uhg”), Cosmo took part in some of the most notorious hacks of the year. Throughout the winter and spring, they DDoS’ed all manner of government and financial sites, including NASDAQ, ca.gov, and CIA.gov, which they took down for a matter of hours in April. They bypassed Google two step, hijacked 4chan’s DNS and redirected it to their own Twitter feed, and repeatedly posted Mayor Michael Bloomberg’s address and Social Security number online. After breaking into one billing agency using social-engineering techniques this past May, they proceeded to dump some 500,000 credit card numbers online. Cosmo was the social engineer for the crew, a specialist in talking his way past security barriers. His arsenal of tricks held clever-yet-idiot-proof ways of getting into accounts on Amazon, Apple, AOL, PayPal, Best Buy, Buy.com, Live.com (think: Hotmail, Outlook, Xbox) and more. He can hijack phone numbers from AT&T, Sprint, T-Mobile and your local telco.

Wired’s striving for cred means it liberally sprinkles in hacker jargon. Those who don’t make it their business to keep up with the tech crowd will have to sneak off to look up “lulz” (laughs) and other hacker terms (don’t know DDoS means an attack that prevents an Internet service provider from providing service? Tough). But readers should push through – it’s eye-opening to see what hackers can do to get at our data. Coincidentally, the most famous social hacker of all, Kevin Mitnick, has a new autobiography out. His exploits, while impressive, were far less destructive to random individuals. But there was much less data online when Mitnick was working, and the Internet was not yet a consumer medium.

Things are different now. Cosmo’s story provides an inadvertent call-to-arms to consumers and businesses: take ownership of your data. At a minimum, find out what Netflix, Amazon and your online bank do to protect your passwords from the likes of Cosmo.

Because while Cosmo seems to sincerely regret that he’s caused harm to the writer and others, the rest of his crew do not. There’s a strain of nihilism that runs through modern hacking, with none of the noble detachment of Turgenev’s seminal nihilist Bazarov.

Cosmo’s gang shares more with certain Batman villains – they just like to make things burn. Just for lulz…
