A screenshot of the UGNazi hacker group’s website.

In April, a group of hackers known as the UGNazi collective brought down a number of D.C. government websites and posted private information about Mayor Vince Gray—including his Social Security number—online. One of the hackers behind the effort, Cosmo, claimed to live in Staten Island and said D.C. government websites and Gray were targeted because of federal government policies on Internet access and privacy.
We thought it rather odd that D.C.’s local government would fall prey to Cosmo’s hacking, but now it makes a little more sense—the guy didn’t really know any different. He’s 15 years old, after all.
Wired published an interview with Cosmo today—real name Derek, real home in Long Beach, Calif.—who is currently facing federal charges stemming from the various hacks he and his online pranksters led. Bringing down D.C.’s government websites is the least of it, really:
With his group, UGNazi (short for “underground nazi” and pronounced “you-gee” not “uhg”), Cosmo took part in some of the most notorious hacks of the year. Throughout the winter and spring, they DDoS’ed all manner of government and financial sites, including NASDAQ, ca.gov, and CIA.gov, which they took down for a matter of hours in April. They bypassed Google two step, hijacked 4chan’s DNS and redirected it to their own Twitter feed, and repeatedly posted Mayor Michael Bloomberg’s address and Social Security number online. After breaking into one billing agency using social-engineering techniques this past May, they proceeded to dump some 500,000 credit card numbers online. Cosmo was the social engineer for the crew, a specialist in talking his way past security barriers. His arsenal of tricks held clever-yet-idiot-proof ways of getting into accounts on Amazon, Apple, AOL, PayPal, Best Buy, Buy.com, Live.com (think: Hotmail, Outlook, Xbox) and more. He can hijack phone numbers from AT&T, Sprint, T-Mobile and your local telco.
“UGNazi was a big deal,” Mikko Hypponen, the chief security researcher at F-Secure, told Wired via email. “The Cloudflare hack was a big deal. They could have done much more with that technique.”
After getting busted for a few minor teenage indiscretions, Cosmo dropped out of high school and joined UGNazi. The hacks started as a way to protest online privacy bills Congress was debating, but extended far beyond that—the group once hacked into Papa John’s website after they got a pizza delivered late. And so on and so forth, until Cosmo participated in a scheme to publicize 500,000 credit card numbers on the Internet. That, he told Wired, is likely what brought the FBI down on him.
The article makes an interesting point: Cosmo, like many hackers, isn’t a technical genius. If anything, he’s simply a con artist who uses both online and offline skills to get what he needs:
As he did with Prince and CloudFlare, Cosmo accomplished many of his feats by going after individuals associated with organizations UG Nazi was targeting. He would gather little bits of information here and there, collecting dox data from various online services, like addresses and credit card numbers, until he had what he needed to launch an attack. Often, he did that by calling a company’s tech support system and pretending to be a worker in another department. Sometimes he was able to pull that off by learning intimate details of a company’s back-end systems.
The article is a thrilling read, but it might make you think twice about online security.
Martin Austermuhle