Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Ex-Senate Aide Sentenced to 4 Years in Prison for Data Leak

A former congressional staffer was sentenced to four years in prison Wednesday after pleading guilty to illegally posting online the home addresses and telephone numbers of five Republican senators who backed Brett Kavanaugh’s Supreme Court nomination.

A former congressional staffer was sentenced to four years in prison Wednesday after pleading guilty to illegally posting online the home addresses and telephone numbers of five Republican senators who backed Brett Kavanaugh’s Supreme Court nomination.

Jackson A. Cosko, a former computer systems administrator in the office of Sen. Maggie Hassan, D-N.H., pleaded guilty to five federal offenses, including making public restricted personal information, computer fraud, witness tampering and obstruction of justice.

His sentencing came as a second former Hassan aide was charged with assisting Cosko in revealing the private information, a practice known as “doxing.”

Samantha Deforest Davis, who worked as a staff assistant for Hassan until last December, faces misdemeanor charges of aiding and abetting computer fraud and attempted tampering with evidence. She was fired in December after Capitol Police discovered her possible involvement in the case.

Cosko, 27, of Washington, was fired from his job in May 2018 for what Hassan’s office said was failing to follow office procedures. His access to the senator’s office and her computer systems was terminated.

Cosko admitted he was angry over his firing, and he began an “extensive computer fraud and data theft scheme” that he carried out by repeatedly burglarizing Hasan’s office, court records show.

During these break-ins, Cosko copied dozens of gigabytes of data from office computers, including dozens of user names and passwords belonging to Senate employees and personal contact information for numerous sitting senators.

In late September, while watching television coverage of Kavanaugh’s confirmation hearing before the Senate Judiciary Committee, Cosko became angry at several Republican senators. He acted on that anger, according to court records, by “maliciously publishing” on Wikipedia and Twitter the home addresses and telephone numbers of Republican Sens. Lindsey Graham of South Carolina, Mike Lee of Utah and Orrin Hatch of Utah. Hatch retired in January after 42 years in the Senate.

Advertisement. Scroll to continue reading.

Cosko intended publication of the data to intimidate the senators and their families, the court records say. Cosko had the same goal in mind a few days later when he also published personal contact information for Senate Majority Leader Mitch McConnell and Sen. Rand Paul, both Kentucky Republicans.

A Justice Department statement and court records also describe how Cosko threatened a witness who saw him at a computer in Hasan’s office on the night of Oct. 2. The witness, who isn’t identified by name, confronted Cosko and he left the office.

Cosko sent a threatening email to the witness later that evening that read, “I own EVERYTHING,” and warned the person, “If you tell anyone I will leak it all.”

He was arrested the next day by U.S. Capitol Police.

Kavanaugh was confirmed as a Supreme Court justice on Oct. 6.

A spokesman for Hassan said Wednesday that she is grateful to Capitol Police and the U.S. Attorney’s Office for their work to bring Cosko to justice.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.