Fifteen year old kids can be unpredictable. But one fifteen-year-old, a hacker who goes by the moniker Cosmo the God, is downright scary. He's a highly-skilled social engineer who is capable of stealing your digital life right out from under you. And he doesn't even have his drivers' license yet.
Wired has a borderline frightening look at how, along with his group UGNazi, a kid you'd think would be getting in trouble for talking in class rather than messing with high-profile companies, became wanted by the FBI:
They DDoS'ed all manner of government and financial sites, including NASDAQ, ca.gov, and CIA.gov, which they took down for a matter of hours in April. They bypassed Google two step, hijacked 4chan's DNS and redirected it to their own Twitter feed, and repeatedly posted Mayor Michael Bloomberg's address and Social Security number online. After breaking into one billing agency using social-engineering techniques this past May, they proceeded to dump some 500,000 credit card numbers online. Cosmo was the social engineer for the crew, a specialist in talking his way past security barriers.
Cosmo, who is currently being held in a juvenile detention centre, explains that many of these attacks he's taken part in aren't all that difficult—in many cases all he needed was a few pieces of information like the last four digits of a social security number and an email address:
He would gather little bits of information here and there, collecting dox data from various online services, like addresses and credit card numbers, until he had what he needed to launch an attack. Often, he did that by calling a company's tech support system and pretending to be a worker in another department. Sometimes he was able to pull that off by learning intimate details of a company's back-end systems.