Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Ex-Senate Aide Sentenced to 4 Years in Prison for Data Leak

A former congressional staffer was sentenced to four years in prison Wednesday after pleading guilty to illegally posting online the home addresses and telephone numbers of five Republican senators who backed Brett Kavanaugh’s Supreme Court nomination.

A former congressional staffer was sentenced to four years in prison Wednesday after pleading guilty to illegally posting online the home addresses and telephone numbers of five Republican senators who backed Brett Kavanaugh’s Supreme Court nomination.

Jackson A. Cosko, a former computer systems administrator in the office of Sen. Maggie Hassan, D-N.H., pleaded guilty to five federal offenses, including making public restricted personal information, computer fraud, witness tampering and obstruction of justice.

His sentencing came as a second former Hassan aide was charged with assisting Cosko in revealing the private information, a practice known as “doxing.”

Samantha Deforest Davis, who worked as a staff assistant for Hassan until last December, faces misdemeanor charges of aiding and abetting computer fraud and attempted tampering with evidence. She was fired in December after Capitol Police discovered her possible involvement in the case.

Cosko, 27, of Washington, was fired from his job in May 2018 for what Hassan’s office said was failing to follow office procedures. His access to the senator’s office and her computer systems was terminated.

Cosko admitted he was angry over his firing, and he began an “extensive computer fraud and data theft scheme” that he carried out by repeatedly burglarizing Hasan’s office, court records show.

During these break-ins, Cosko copied dozens of gigabytes of data from office computers, including dozens of user names and passwords belonging to Senate employees and personal contact information for numerous sitting senators.

In late September, while watching television coverage of Kavanaugh’s confirmation hearing before the Senate Judiciary Committee, Cosko became angry at several Republican senators. He acted on that anger, according to court records, by “maliciously publishing” on Wikipedia and Twitter the home addresses and telephone numbers of Republican Sens. Lindsey Graham of South Carolina, Mike Lee of Utah and Orrin Hatch of Utah. Hatch retired in January after 42 years in the Senate.

Cosko intended publication of the data to intimidate the senators and their families, the court records say. Cosko had the same goal in mind a few days later when he also published personal contact information for Senate Majority Leader Mitch McConnell and Sen. Rand Paul, both Kentucky Republicans.

A Justice Department statement and court records also describe how Cosko threatened a witness who saw him at a computer in Hasan’s office on the night of Oct. 2. The witness, who isn’t identified by name, confronted Cosko and he left the office.

Cosko sent a threatening email to the witness later that evening that read, “I own EVERYTHING,” and warned the person, “If you tell anyone I will leak it all.”

He was arrested the next day by U.S. Capitol Police.

Kavanaugh was confirmed as a Supreme Court justice on Oct. 6.

A spokesman for Hassan said Wednesday that she is grateful to Capitol Police and the U.S. Attorney’s Office for their work to bring Cosko to justice.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...