Hacker Reveals What He’s Learned

Russian hackers are notorious for their hacking skills, but one American says he hacked a Russian cyber gang at just 15 years old. Eric Taylor, who went by the nickname Cosmo the God, also posted personal information of celebrities and

government officials, including Michelle Obama, former CIA director

John Brennan, Kim Kardashian and Tiger Woods.

The government eventually caught up with Taylor and he pleaded guilty to posting the personal information on the Internet, among other charges.

Now, Taylor is trying to help companies and recently started working for a cybersecurity start-up. Taylor's life as a hacker began when he was just 12 years old and playing video games at home.

"Just imagine being 12 and having the power just to take anybody off your video game. So I felt a lot of power. And then I started learning other things and I moved on to joining a hacking group," Taylor told CNBC.

The hacking group he joined was able to crash websites, including taking Twitter offline for about an hour in 2012, according to Taylor. Twitter did not respond to CNBC's request for comment. According to Taylor, he also accessed customer account data at major corporations like Amazon, Apple, AT&T and Netflix, sometimes gaining access to customers' personal information. The companies did not acknowledge this access.

"The security of Amazon customer accounts is one of our highest priorities," said an Amazon spokesman.
Taylor then moved on what he is most famous for – targeting celebrities and politicians and sharing their personal information.

"It was pretty hard. I actually had to go after Russian hackers that owned a website … where they sold your Social Security number, your credit reports, your address and date of birth," he said. 

"I hacked into their website and then blackmailed them with their information, and they just made me a part of the site somewhat…They gave me free credentials to buy Social Security numbers."

Every day, Taylor would post Social Security numbers, home addresses and sometimes even full credit reports on the Internet for all to see.

Sometimes Taylor and his hacking group took things even further, by participating in what is known as swatting -- prank-calling the police to report an urgent or violent crime, to get them to arrive at a location, usually someone's home.

"People that were in my group would do swatting attacks on them [people whose information was posted]. And we had a TMZ reporter that I knew personally that we tell before we did a swatting," Taylor said. Unlike many cyber gangs, Taylor says his group was not motivated by money.

"I was never financially motivated because I was just in it for the thrill and politically motivated," he said.
His message was that nobody is safe online.

"I went after people that in my mind at the time thought deserved it. But now that I reflect on it, nobody deserves to get their information stolen because it's an invasion of privacy," Taylor said.

Taylor made the website with the leaked information look like it came from Russia, but the government figured out who was really behind the postings.

"First, it was the FBI SWAT they sent in, I guess because they thought I could be armed and dangerous. And then after FBI SWAT cleared the house, they sent in the agents from Secret Service and FBI," he said explaining his fourth and final arrest.

Taylor now says he regrets posting the information. He was sentenced to probation that recently ended. Now 21 years old, Taylor says he's turned his life around.

"There is no way I could go back to hacking's dark side after all the things that I went through to just be free and be here right now," he said.

Taylor recently became an advisor to cyber-security start-up Path which helps companies make sure their websites are properly loading around the globe.

"We want to rent your computer to send network requests to various websites on the internet so that we can tell our customers how long it takes for their website to load in different areas," said Marshal Webb, Path's Chief Technology Officer.
Interestingly, Webb was once also a hacker and part of Lulz Security, which made headlines for hacking websites in 2011.

"It was a challenging thing you know? Computer systems are designed to keep you out, right?" Webb said. "It's like the most complicated game of chess you can imagine."

Taylor and Webb say their background have not scared any potential customers away.

"That's what people are looking for nowadays. They're looking for people that were experienced and had action in the front lines of hacking in the past. But are doing good now," Taylor said.

CNBC

You Might Also Read: 

Police Arrest Bank Hacker Who Stole $1B:

US Air Force Hacked By Teenager:
 

 

« Australia Points The Finger At Russia For Cyberattacks
Iran Likely To Retaliate With Cyberattacks »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Black Hat Briefings

Black Hat Briefings

The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world.

Bromium

Bromium

Bromium deliver a new technology called micro-virtualization to address the enterprise security problem and provide protection for end users against advanced malware.

CyberOwl

CyberOwl

CyberOwl builds on cutting-edge research and combines decades of experience in developing, securing and operating large distributed systems.

Centro de Gestion de Incidentes Informaticos (CGII) - Bolivia

Centro de Gestion de Incidentes Informaticos (CGII) - Bolivia

CGII is the Computer Incident Management Center of the State of Bolivia.

ioXt Alliance

ioXt Alliance

The ioXt Alliance is a group of manufacturers, industry alliances and government organizations dedicated to harmonizing best security practices in a highly connected world.

Upper Peninsula Cybersecurity Institute - Northern Michigan University

Upper Peninsula Cybersecurity Institute - Northern Michigan University

Upper Peninsula Cybersecurity Institute at Northern Michigan University offers non-degree and industry credentials relevant to emerging careers in cybersecurity.

AiCULUS

AiCULUS

AiCULUS is a global technology company that specializes in API security and Risk Management products.

Business Resilience International Management (BRIM)

Business Resilience International Management (BRIM)

Business Resilience International Management (BRIM) is engaged by law enforcement in the UK and overseas to advise on establishing and developing Cyber Resilience Centres (CRCs) for business.

Drata

Drata

Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company's security controls, while streamlining workflows to ensure audit-readiness.

Qrypt

Qrypt

Qrypt has developed the only cryptographic solution capable of securing information indefinitely with mathematical proof as evidence.

D2 Network Associates (D2NA)

D2 Network Associates (D2NA)

D2NA help businesses deliver and achieve their goals, through innovative IT solutions, robust cyber security services and proactive IT managed services.

Sentra

Sentra

Sentra is focused on improving data security practices within the cloud, mitigating the risks of damaging data leaks by providing comprehensive visibility into critical data assets.

Cloudsec Asia

Cloudsec Asia

Cloudsec Asia is Thailand's top-ranked cybersecurity consultant company. We offers security services to ensure that all your IT assets are reliable, accessible, and secure.

Zigrin Security

Zigrin Security

Zigrin Security offer comprehensive, hands-on security testing of internal networks, applications, cloud-based solutions, e-commerce applications and mobile devices.

Armolon

Armolon

Armolon provides comprehensive data breach and cybersecurity, as well cybersecurity audits and certifications, and disaster recovery/business continuity services to clients.

Positka FSI Pte Ltd

Positka FSI Pte Ltd

Positka, being a Splunk Singapore partner, provides Splunk & Phantom Services, Cybersecurity & Risk Management, Analytics & Big Data, Lean Process Optimization, and Managed Security Services.