About
UGNazi, short for the Underground Nazi Hacktivist Group, is a computer hacker group best known for their staunch opposition to CISPA and SOPA and practice of DDoSDDoS (distributed denial of service) attacks against United States government websites in retaliation to the bills. Members of the group are also known for hacking the Twitter accounts of two Westboro Baptist Church members following the Sandy Hook school shooting in late 2012.
Online History
The UGNazi Twitter account @UG[1] was created on December 9th, 2011. Their first orchestrated DDoS attacks were against Coach.com, CoachFactory.com[4] and UFC.com[5] after the companies had announced their support of the Stop Online Piracy Act. The group redirected all three domain names to the now-defunct UGNazi.com, where they also began cataloging all of their targets.[2] At this point, the website[7] claimed that the group was run by hackers known as Josh The God[16], MrOsama and AntiGov.[8] Following the hacks, the group compiled a list[6] of dozens of forum threads and news articles about their actions, adding pieces of commentary about the discussions. Both sites were only down for a short period of time.
April 2012: Government DDoS
In April 2012, the group had expanded to include two new hackers Cosmo and s3rver.exe, while AntiGov was no longer listed on their website.[9] The same month, they began attacking government websites beginning with New York City’s official website nyc.gov[10] on the 18th under the guise of “AlQaedaSec.” Over the next several days, the group took down dozens of sites including the District of Columbia[11], Washington DC’s tourism board[12], NASDAQ[13]. the CIA, the FBI and the Department of Justice[14] in protest of the Cyber Intelligence Sharing and Protect Act (CISPA). Each website was down for several hours while Cosmo the God[15] and Josh the God[16] took to Twitter to brag about their exploits.
<a href="https://twitter.com/dcra">dcra</a> You just got 911'd, <a href="http://t.co/UpjRegZV" title="http://dc.gov">dc.gov</a> => Tango Down! <a href="http://t.co/fmm2o2tc" title="http://news.softpedia.com/news/Hackers-Attack-Heart-of-US-District-of-Columbia-Site-Down-265228.shtml?utm_source=twitter&utm_medium=twitter&utm_campaign=twitter_web">news.softpedia.com/news/Hackers-A…</a> <a href="https://twitter.com/search/%23UGNazi">#UGNazi</a> <a href="https://twitter.com/search/%23lulz">#lulz</a></p>— Cosmo (
ThaCosmo) April 19, 2012
May 2012: Credit Card Data Leak
On May 21st, 2012, members of UGNazi impersonated British billing company WHMCS’ creator and lead developer Matt Pugh to obtain access codes to the company’s servers[17], which they used to temporarily take the site offline, delete important data and hijack the company’s Twitter account.[18] Additionally, they leaked more than 1.7 gigabytes of data[19], including more than 500,000 user names, passwords, IP addresses and credit card information. A member of UGNazi told Softpedia they did this after finding that the company did not take any action against the “cybercriminals” who were using their services to sell illegal hosting and malware, among other things. Nine days after the breach, the FBI seized UGNazi.com and arrested then fifteen-year-old Cosmo[20] for allegedly orchestrating the impersonation and obtaining the access information.
Despite Cosmo’s arrest, on June 21st, 2012, UGNazi took credit[30] for 40 minute Twitter outage, though the company claimed it was due to a “cascaded bug”[29] in their infrastructure. On June 26th, Cosmo and JoshTheGod were two of 24 people arrested as part of an FBI sting known as “Operation Card Shop”[21], in which the government agency tracked credit card thieves through the fake marketplace carderprofit.cc for two years. JoshTheGod, whose real name is Mir Islam[22], was arrested in New York City following a meetup with someone he thought was another user on the site.[23] Cosmo was arrested in California, but his name was not released as he was a minor. Following the arrests, Cosmo tweeted about it, calling out another hacker known as The Jester after he took credit for being involved in the sting.
Me and Josh were arrested early monday morning. I was just released,
<a href="https://twitter.com/th3j35t3r">th3j35t3r</a> you can't arrest an idea. <a href="https://twitter.com/search/%23UGNazi">#UGNazi</a> <a href="https://twitter.com/search/%23longbeach">#longbeach</a></p>— Hannah Sweet (
CosmoTheGod) June 28, 2012
Following these arrests, Anonymous began to target The Jester[24][25], hacking into his email, blog and social networking accounts[26] in early July. Days later, Cosmo confirmed to the International Business Times[27] that The Jester was not involved, stating that FBI Agents were “laughing about Jester taking credit.” That September, Cosmo was profiled by Wired[3], where he imparted some explanations of his social engineering hacking methods. Two months later, he was sentenced to six years probation, during which he would not be allowed to use the internet unsupervised and without consent from his parole officer.
December 2012: Westboro Church Twitter Hack
Following the events of the Sandy Hook Elementary School Shooting, members of the Westboro Baptist Church threatened to picket the funerals of the children killed in the massacre via Twitter on December 14th, 2012.[33] Two days later, @CosmoTheGod violated his parole by breaking into the account of WBC spokeswoman Shirley Lynn Phelps-Roper[31], which was suspended nearly a day later. On the 19th, Cosmo also hacked into the Twitter account of the Church’s leader, Fred Phelps Jr.[32] On December 20th, 2012, the day following the Westboro Baptist Church Twitter account takeovers, UGNazi claimed they were responsible for another CIA website outage.[34]
This account is now being ran by
<a href="https://twitter.com/cosmothegod">cosmothegod</a> <a href="https://twitter.com/search/%23UGNazi">#UGNazi</a> <a href="https://twitter.com/search/%23oops">#oops</a></p>— Westboro Baptist (
WBCSays) December 17, 2012
Search Interest
External References
[3]Wired – Cosmo, the Hacker ‘God’ Who Fell to Earth
[4]Techie Buzz – Coach.com and Coachfactory.com Hacked to Protest Against SOPA by UGNazi Group
[5]USA Today – UFC website hacked for short period
[8]Twitter – @OpAntiGov
[9]Softpedia – Hackers Attack “Heart” of US, District of Columbia Site Down
[10]Softpedia – AlQaedaSec Launch DDOS Attack on New York City Website (Updated)
[11]DCist – Hackers Launch DDoS Attack on D.C. Government Websites
[12]DCist – Hackers Continue Attacks on D.C., Post Info About Gray
[13]Softpedia – NASDAQ Site Taken Down by UGNazi Hackers
[14]Softpedia – UGNazi Hackers Launch DDOS Attacks on CIA, DOJ Sites to Protest CISPA
[16]Twitter – @JoshTheGod
[17]WHMCS Forums – 21st May 2012 – Further Update
[18]Forbes – Hackers Impersonate Web Billing Firm’s Staff To Spill 500,000 Users’ Passwords And Credit Cards
[19]Softpedia – UGNazi Leaks 1.7 GB of Data from WHMCS Servers
[20]Softpedia – UGNazi Hacker Cosmo Arrested After WHMCS Breach
[21]Wall Street Journal – Arrests Made in Massive Online Sting Operation
[22]The New York Times – F.B.I. Says 24 Are Arrested in Credit Card Theft Plan
[23]Wired – Feds Arrest 24 in Global Carding Ring Bust
[24]Kevin Townsend – Did Jester take down UGNazi?
[25]International Business Times UK – Anonymous Targets ‘Good Hacktivist’ the Jester after Arrest of UGNazi Members
[26]th3j35t3r – Jester, it’s time to retire
[27]International Business Times – The Jester’s Claims a Joke, Says UGNazi Hacker Cosmo
[28]DCist – Hacker Who Attacked D.C. Government Websites Sentenced to Probation, Won’t Be Able to Use Internet For Six Years
[29]Wired – Outage Hurts Twitter More Than It Hurts You
[30]Mashable – Hackers Take Credit for Twitter Outages
[31]Washington Post – Westboro Baptist Church Twitter account hacked
[32]Gizmodo – UGNazi Hackers Seize Another Westboro Baptist Church Hate Account
[33]Huffington Post – Hackers’ Westboro Baptist Church Blitz Continues: UG Nazi, Jester, Anonymous Take Down Twitter Accounts, Sites
[34]Gothamist – CIA Website Down, UGNazi Hackers Claim Responsibility