Hacktivists UGNazi attack 4chan, CloudFlare and Wounded Warrior Project

Analysis
Jun 03, 2012
5 mins
Authentication, Data and Information Security, DNS

After the FBI arrested Cosmo, the alleged leader of the UGNazi hacking group, the hackers attacked CloudFlare via a flaw in Google's two-factor authentication system. The CloudFlare hack allowed UGNazi to change the DNS for 4chan, so visitors to the site were redirected to a UGNazi Twitter account. The attack on the Wounded Warrior Project site was allegedly done for no reason but to spite The Jester.

The hacktivist collective UGNazi has been extremely busy attacking the Wounded Warrior Project, CloudFlare and the imageboard site 4chan. CloudFlare admitted to the attack which allowed UGNazi hackers to change the DNS records for 4chan. Cosmo, thought to be the leader of UGNazi, tweeted about gaining access into CloudFlare and defacing 4chan:

Anyone who visited 4chan during the attack was redirected to the UGNazi’s Twitter account. The hacker group posted a video of 4chan being defaced.

According to the statement on Pastebin, the hackers are not sorry for attacking 4chan. To anyone who is offended, the group asked if you’ve lost your *bleeping* mind?

4chan.org is the playground that allows pedophiles to share their “collections” and the disgusting bronies to hang out. The site is loosely monitored and child porn threads are allowed to “stay alive” for an exceedingly long amount of time.

Lastly, there was no political motive here, we will not tell lies and pretend that it was all to fight an injustice. This was for the lulz. This was for the fame. This was done because only we have the skill to do it. This was done, so that we can laugh at your butthurt. We did it because we can.

4chan’s response? According to a UGNazi tweet:

Co-founder and CEO of CloudFlare Matthew Prince blogged, “A hacker was able to access a customer’s account on CloudFlare and change that customer’s DNS records.” The attack was a result of “apparent Google apps, Gmail vulnerability.” Prince said the attack started in mid-May by a hacker who “somehow convinced Google’s account recovery systems to add a fraudulent recovery email address to my personal Gmail account. The password used on my personal Gmail account was 20+ characters long, highly random, and not used by me on any other services so it’s unlikely it was dictionary attacked or guessed.”

According to CloudFlare, “The attack was the result of a compromise of Google’s account security procedures that allowed the hacker to eventually access my CloudFlare.com email addresses, which runs on Google Apps.” The Google Security team “tracked down the core issue that allowed a compromise of the two-factor authentication system.” Google reportedly told Prince that they discovered a “subtle flaw affecting not 2-step verification itself, but the account recovery flow for some accounts. We’ve now blocked that attack vector to prevent further abuse.”

Eduard Kovacs of Softpedia tweeted, “CloudFlare admits to being breached, but according to UGNazi it’s more serious than the firm thinks.” Cosmo told Softpedia that both CloudFlare and Google are wrong. “There’s no way you can social engineer a Google App. I don’t know what he was talking about. We did get in his emails though.” He added, “We got into their main server. We could see all customer account information, name, IP address, payment method, paid with, user ID, etc. and had access to reset any account on CloudFlare.” Softpedia reported, “The hackers plan on selling all the information they obtained on Darkode.”

Whoever is right, CloudFlare reset the API keys, so if you use CloudFlare as a WordPress plugin, then you’ll be required to enter a new API key.

The attack on the Wounded Warrior Project, a non-profit organization that helps wounded American service men and women, was allegedly done for no reason but to spite The Jester. As soon as UGNazi took credit for the hack, th3j35t3r tweeted, “Anonymous and UGNazi hackers hit a new ALL-TIME LOW by attacking Wounded Warrior Project.”

UGNazi, a four-man hacktivist group, had previously been known for DDoS attacks carried out using its own botnet, H Security reported. The same group attacked MyBB and the billing provider WHMCS. Cosmo allegedly used social engineering on HostGator to gain access to WHMCS and then steal 500,000 customer records, but a UGNazi tweet claimed the group used a zero-day exploit to breach WHMCS; that Pastebin has since been deleted.

The FBI arrested Cosmo and “seized the hacktivists’ website (ugnazi.com) and Cosmo’s Twitter account.” Another member of the hacktivist group told Softpedia, “Well I’m sure he’ll be out soon and back to work. He’s been arrested before so it’s nothing new to him. Basically WHMCS called in the feds and now it’s been 9 days into the investigation and they got one of us. But we left no tracks which is why I’m sure he will be out soon.” Later, also reported by Softpedia, Cosmo said, “My lawyer got me out.”

And as seen in the attacks over the last few days, the UGNazi group has apparently been busy on hacking sprees ever since then.

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.