Meanwhile, he had more time than ever to devote to his particular brand of hacking, also known as socialing.After the bomb threats, he was asked to leave Woodrow Wilson High School in October. The next month, an online friend of his approached him about joining a new hacking team.
But his success was an ah-ha moment."I figured that if Netflix could score, so could any big provider. That's when I figured out you just have to go to to get a credit card number.
So, I would just add the card, hang up, call back, give them the last four and they'd reset it."This Amazon method, the same one other hackers used to break into my accounts, was one of Cosmo’s innovations.
(Although other hackers also claim to have discovered it independently.) I ask him how he figured out he could pull it off, because it’s as clever as it is devious. “It just came to me.”Enter UGNazi ————Cosmo was soon finding all manner of sources for getting information: Hulu, Buy.com, Best Buy, Pay Pal, Apple and AOL all offered avenues into others' accounts, where he could peep in at credit card numbers, addresses and emails.
He learned new social-engineering techniques online and likewise passed along what he knew to others.
It is the day before his court date, but he doesn’t know which task force is investigating him or the name of his public defender. It’s tough to narrow it down; he freely admits to participation in a wide array of crimes.
With his group, UGNazi (short for "underground nazi" and pronounced "you-gee" not "uhg"), Cosmo took part in some of the most notorious hacks of the year.
There is a constant information trade back and forth online.
IRC and AIM are the user manuals to every back-end customer service system in corporate America.
He discovered that this was done via a simple trick, where one gamer turns a script on his opponent's IP address. It was easy and required nothing more than off-the-shelf programs, like Cain and Able. Derek discovered that the person who owned the "Cosmo" gamer tag also had a Netflix account.
And that's how he became Cosmo."I called Netflix and it was so easy," he chuckles. ' and I said, ' Todd [Redacted],' gave them his e-mail, and they said, ' Alright your password is 12345,' and I was signed in. That's when I filled out the Windows Live password-reset form, which just required the first name and last name of the credit card holder, the last four digits, and the expiration date."This method still works.
– 6 foot 7 and 220 pounds the last time he was weighed, at a detention facility in Long Beach, California on June 26.