…in which, our intrepid security geek finds out that there is a $400 bounty on his head.

Posts like this don’t have much technical content, but they’re fun, and the last one has been a wildly popular part of the site.  While you’re laughing your butt off, I hope you take away the real message here: do some background research on who you’re dealing with in the computer security scene.  If you got here by googling up information on this particular skiddie, then you’re already one step ahead of the game.  Just because someone has a legit-looking website and blog doesn’t mean they’re on the up-and-up :)

Since my first post about Yousif’s activities, I’ve had the pleasure of many late-night phone calls from him, being DOS’d for about a half hour, and having his friend threaten to hack my coffee maker.  I was promised a beat-down at Black Hat, although I unfortunately could not make it.  I am, however, sort of disappointed that I don’t warrant being stabbed, like Yousif has threatened to do to Lee Hinman over at the excellent writequit.org blog.  He is, however, willing to pay someone else to do the dirty work.

In the meantime, he hasn’t let up in his activities.  He has been hanging out on an Internet marketing forum, although his taste for script-kiddie hacking has not subsided.  He still has a penchant for attacking sites outside of well-defined pen-tests, still loves to threaten people who correct him, and runs his own small botnet.

Apparently looking to supplement his vapt-sec.com income with some cost-per-action fraud, he’s been hunting around for cohorts to develop software to fill out forms and offers on CPA advertisers, and to come in through his referral links from multiple IP addresses to fill out forms.  I took this as an opportunity to form my own “black hat” alter-ego, and have a good heart-to-heart chat with Yousif.  After a couple of boring evening chat sessions building up my “black hat” cred with him, he began to open up.

The following are some choice excerpts and quotes.  I’ve censored both his language and mine.  I do swear in-person, occasionally on IRC, and rarely on the blog, however I did ratchet it up about 12 notches with “elite yousif”, to build rapport.

Since he gets others to write his software for him, he occasionally gets his languages confused:

11:03:05 PM elite yousif: So
11:03:12 PM elite yousif: You know anyone who has botnets
11:03:39 PM bhb: i have a couple friends who might.  have a need?
11:03:50 PM elite yousif: Yeah
11:04:37 PM elite yousif: It’s quite helpful in CPA
11:05:16 PM bhb: yeah i was thinking of writing some code to work through a botnet, filling stuff and using the random ID generator
11:05:27 PM elite yousif: No need, lol.
11:05:35 PM elite yousif: I’m making something like that as we speak.
11:05:39 PM bhb: nice
11:05:50 PM bhb: what language do you code in
11:06:01 PM elite yousif: What language did I code this in?
11:06:11 PM bhb: yah
11:06:41 PM elite yousif: Net
11:06:54 PM bhb: c#
11:06:55 PM bhb: ?
11:07:21 PM elite yousif: nope
11:07:22 PM elite yousif: .NET <
11:07:29 PM elite yousif: Microsoft, ya know?
11:08:01 PM bhb: .net’s a platform, theres lots of languages you can code targeting .net
11:08:06 PM bhb: vb.net maybe?
11:08:13 PM elite yousif: Yeah, that’s right.
11:08:21 PM elite yousif: Vb.NET <

Don’t mess with this guy.  Especially in school:

11:56:56 PM elite yousif: No one ***** w/ me..
11:56:59 PM elite yousif: No one @ all.
11:57:02 PM elite yousif: Not even in school
11:57:03 PM elite yousif: They know
11:57:05 PM elite yousif: I can change their grade
11:57:09 PM elite yousif: expell them
11:57:10 PM elite yousif: frame them
11:57:11 PM elite yousif: etc
11:57:17 PM elite yousif: I can drop your docs too
11:57:21 PM elite yousif: know what shoe size you wear
11:57:23 PM bhb: heh nice
11:57:25 PM elite yousif: know your fam history
11:57:27 PM elite yousif: CC
11:57:29 PM elite yousif: S#
11:57:30 PM elite yousif: where u live
11:57:30 PM elite yousif: etc
11:57:59 PM bhb: knock some kiddies on their ***** online lol
11:58:18 PM elite yousif: lol
11:58:59 PM bhb: ***** haters lol
11:59:09 PM elite yousif: I know AOL internals too
11:59:11 PM elite yousif: ppl who work there
11:59:13 PM elite yousif: with high privs.
11:59:14 PM elite yousif: can easily
11:59:16 PM elite yousif: hi jack
11:59:19 PM elite yousif: any AOL/AIM account
11:59:22 PM elite yousif: and get info behind it
11:59:23 PM elite yousif: =D
11:59:31 PM elite yousif: i social engineer as well
12:00:08 AM bhb: hah that’s useful

A social engineering mastermind, to be sure.

Here, he’s a little sore that his affiliate program dropped him after figuring out his referrals weren’t legitimate:

12:03:12 AM elite yousif: you haven’t made any money in CPA yet?
12:03:43 AM bhb: haven’t even started.  just been reading up on it on the side, besides coding and work
12:04:30 AM elite yousif: ah
12:04:40 AM bhb: you made much?
12:04:42 AM elite yousif: I got my account terminated
12:04:45 AM elite yousif: 2 days ago
12:04:48 AM elite yousif: from a network
12:04:52 AM elite yousif: ***** bro, i swear
12:04:52 AM bhb: haters
12:04:53 AM elite yousif: I lost
12:04:56 AM elite yousif: 2000+ dollars
12:04:59 AM elite yousif: I better get my ***** back
12:05:00 AM elite yousif: OR
12:05:08 AM elite yousif: I’m gonna make my affiliate managers life a living HELL
12:05:14 AM elite yousif: I have access to her AIM account
12:05:15 AM elite yousif: verizon
12:05:17 AM elite yousif: photobucket
12:05:19 AM elite yousif: paypal
12:05:20 AM elite yousif: blogger
12:05:23 AM elite yousif: and some other *****
12:05:25 AM elite yousif: and facebook
12:05:29 AM elite yousif: she doesn’t know it yet
12:05:31 AM elite yousif: but I phished that *****

Bragging about taking down RSnake’s site (note: there’s an excellent chance this never really happened):

3:00:44 AM elite yousif: you know rsnake?
3:00:46 AM elite yousif: robert hansen
3:00:48 AM elite yousif: famous as *****..
3:00:49 AM bhb: yeah
3:00:51 AM elite yousif: k
3:00:51 AM elite yousif: well
3:00:53 AM elite yousif: his site
3:00:54 AM elite yousif: let me find it
3:01:03 AM bhb: ha.ckers.org or something
3:01:22 AM elite yousif: nah
3:01:23 AM elite yousif: his company
3:01:29 AM bhb: oh i dunno
3:02:26 AM bhb: sectheory?
3:02:58 AM elite yousif: yeah
3:02:59 AM elite yousif: rofol
3:03:02 AM elite yousif: i ddosed that
3:03:03 AM elite yousif: with my friend
3:03:04 AM elite yousif: in like
3:03:05 AM elite yousif: what
3:03:06 AM elite yousif: maybe
3:03:09 AM elite yousif: 3 mins
3:03:10 AM elite yousif: it was down
3:03:14 AM elite yousif: some security expert eh?

If there were any doubts about how he’s taking part in CPA fraud:

4:44:10 PM bhb: how are you supposed to make any money at it if you arent botting it anyways lol
4:44:25 PM elite yousif: what do you mean?
4:44:48 PM bhb: like automating it through a bunch of proxies/bots
4:45:02 PM bhb: how can you find that many people wanting to do it legit to keep making money
4:45:14 PM elite yousif: lol
4:45:17 PM elite yousif: u infect more victims
4:45:22 PM elite yousif: you market your trojan or w.e.
4:45:27 PM elite yousif: and more ppl open it
4:45:37 PM bhb: heh yeah so a loose definition of “legit” lol :D
4:45:48 PM elite yousif: yep
4:45:48 PM elite yousif: lol
4:45:59 PM elite yousif: you know what company is cool though?
4:46:03 PM bhb: you have nice custom trojans for it?
4:46:03 PM elite yousif: ******
4:46:10 PM elite yousif: i talked to the owner
4:46:10 PM bhb: cool you work with them too?
4:46:12 PM elite yousif: really cool guy
4:46:14 PM elite yousif: says
4:46:18 PM elite yousif: i can do black hat if i want
4:46:21 PM elite yousif: and he wont term. my account

Then, I managed to get him on the subject of yours truly :) :

5:02:12 PM elite yousif: LOL
5:02:19 PM elite yousif: http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0545.html
5:02:21 PM elite yousif: that link u sent me
5:02:25 PM elite yousif: i know the guy who wrote that
5:02:27 PM elite yousif: wesley mcgrew
5:02:30 PM elite yousif: that dude is such a *****
5:02:36 PM bhb: he talks like one
5:03:01 PM elite yousif: he started talking ***** about my business and me because he claims that i hack around sites without permission and that i gave him access to my computer, WTF..
5:03:25 PM elite yousif: so i told him to go to black hat in vegas, and he said hes not going this year — i told him if i saw him id tackle him

I’m not really sure if the following about the director of Black Hat contacting him is true (I never contacted the Black Hat folks about it, since it’s not really a credible threat).  He probably just made it up after he found out how much Black Hat costs:

5:05:11 PM elite yousif: u know what he did
5:05:11 PM elite yousif: he spoke with teh director of black hat
5:05:11 PM elite yousif: and he told him that i would beat his ***** if i saw him
5:05:11 PM elite yousif: so he got scared
5:05:11 PM elite yousif: so the director listened to him
5:05:20 PM elite yousif: and said i cant attend black hat this yea
5:05:20 PM elite yousif: year*
5:05:38 PM bhb: lol that’s hilarious did the director email you or something
5:05:44 PM elite yousif: no he IM’d me
5:05:51 PM bhb: ahah
5:05:52 PM elite yousif: then i followed his profile and he actually WAS the director of black hat
5:05:54 PM elite yousif: oh well
5:05:59 PM elite yousif: he knew i wasn’t kidding

This did happen, although he and his friends would usually get bored and give up after a few calls:

5:06:00 PM elite yousif: i called him
5:06:03 PM elite yousif: 1000 times
5:06:07 PM elite yousif: i cussed him out badly
5:06:12 PM elite yousif: and i demanded to talk to his wife
5:06:14 PM elite yousif: so i can cuss her outtoo
5:06:17 PM elite yousif: her out too*
5:06:18 PM elite yousif: but he wouldn’t elt
5:06:20 PM elite yousif: let*

Remember kids, don’t DDOS on a school night:

5:14:51 PM elite yousif: ask him if i DDoSed his *****
5:15:03 PM elite yousif: he’ll either lie and say ‘it’s server issues @ night” or he’ll admit like a ***** i owned him
5:15:25 PM bhb: hah what an idiot.  how long did you ddos him for
5:15:36 PM elite yousif: for about 2-3 hrs
5:15:42 PM elite yousif: i was bored and it was late
5:15:45 PM elite yousif: i had school next morninig
5:15:47 PM elite yousif: so i let him go
5:15:48 PM elite yousif: lol

There’s a $400 bounty on my head.  My wife, a friend, and I considered faking some photos and video to claim it, but I guess we’re just too nice:

5:33:36 PM elite yousif: can you go to missipi?
5:33:39 PM elite yousif: ill pay you like
5:33:42 PM elite yousif: 400
5:33:44 PM elite yousif: to beat his ***** for me
5:33:46 PM elite yousif: no joke
5:34:03 PM bhb: lol maybe if im hard up for some money one day
5:34:14 PM bhb: you should definitely go though, that ***** would be classic
5:34:28 PM elite yousif: do u know anyone would do it?
5:34:34 PM bhb: show all the whitehats that you dont ***** with the blackhats cause they take it into RL
5:34:36 PM elite yousif: i seriously will pay $400 for it
5:35:06 PM bhb: i dont know anyone up for that but it shouldnt be too hard to find
5:35:20 PM bhb: lol craigslist, i bet theres tons of local rednecks there that would do it
5:35:27 PM elite yousif: lol
5:35:35 PM elite yousif: id rather talk to someone i already know
5:36:03 PM bhb: hah just tell them the money transfers when you see a jpg of his bloody nose lol
5:36:33 PM elite yousif: rofl
5:36:35 PM elite yousif: good idea
5:37:28 PM bhb: http://northmiss.craigslist.org/
5:38:10 PM bhb: i dunno what category lol
5:38:15 PM elite yousif: lol
5:38:17 PM elite yousif: murder
5:38:20 PM bhb: loool
5:39:57 PM bhb: services – labor & moving, that probably has the most steroid pumped rednecks
5:40:15 PM elite yousif: lol
5:40:21 PM elite yousif: bro i would never do it off tehre
5:40:27 PM elite yousif: ***** u know feds just hang out there
5:40:30 PM elite yousif: waiting for somone to ***** up

I’ll leave you with the last words he had to say to my dummy AIM account:

7:28:14 PM elite yousif: yo
7:28:30 PM elite yousif: is there a way to make your cd burner recognize dvd-r’s?


  33 Responses to “Yousif Yalda Part 2: Script Kiddies in the Mist”

  1. [...] Yousif Yalda Part 2: Script Kiddies in the Mist [...]

  2. Yousif the 1337! Thanks for this post, it put me in a good mood this morning.

  3. Ahahaha, the last part is the best :)

    You definitely should have pretended to beat yourself up, that would have been hilarious.

  4. Another classic… He really is 31337.

    Perhaps he and n3td3v should get together and go on the road as a comedy duo !!!

  5. what an idiot guess he’s to dumb to actually notice who he was talking to

  6. Alright, I’m ending this now. First of all, Mcgrew isn’t successful otherwise he wouldn’t be blogging his life to me.. You’re married, go fuck you wife and stop messing with a kid. You preach over and over about security, and ‘skiddies’ yet you are the one who got his blog owned. Your so called ‘company’ is a blog website, and your professional communication is via AIM. You’re a fucking moron. The rest of you need to shut the fuck up — stop talking shit. My friend called Wesley and I was on the phone in 3 way and Wesley admitted that I knew my shit. My friend asked Wesley “So do you think Yousif is a noob?” Wesley responded “No, not really but he thinks he knows everything.” — That’s my only proof because sadly we didn’t record the call. Those are the exact words that came out of Wesley’s mouth. Wesley is just looking for trouble. I’m not here to start any of it. Hence why I never even blogged back to him in response to all his in-life flaws. He’s a fucking asshole who wants to expose me and decrease my reputation. This is just bad press. Think about it — everyone! — He says that I gave him access to my computer. Not even a sane typical user would do that, let alone a security researcher? No one does that. All of his screen shots were photoshopped, and with some Googling you can find that those tools are all available publicly online. He downloaded them and screenshotted each one. All I represent here is honesty. I’ve said before to many of you, the only screenshot that is valid is the FTP one I sent him while we were having a discussion on how to implement SSL onto my website. That is all. Mcgrew, you need to understand that you’re just a rich white boy prick. The reason he has done this is because he got upset after I blocked him when he told me was a ‘fed’. We were cool until he said that, and I simply blocked him, which is why he has done all of this. All of you are idiots who are placing commentary on a story you have no facts about. Nothing he has is solid proof, and you can’t groove something that doesn’t exist (I didn’t do shit). He’s given you guys images and text — something which can be edited. AIM conversations can be edited, they are saved in an HTML file and are simply text which can be modified. Same thing goes for the crappy screen shots he shows you. Give me a fucking break. Everyone here is twice my age and knows only half of what I know in web security, all of you are focusing on getting your certs, like robots — everyone is taught the SAME thing in the SAME fashion so you can produce SAME research. Mcgrew, you can’t even secure your blog, let alone provide actual security for customers. That’s solid proof for you folks, he did get owned and you have ALL seen the posts. Take some fucking consideration in time and READ what I have said, it is my response to this foolish man.

  7. oh yeah bruteforcing is real security issue. (rolls eyes). anyone can do that really, oh yeah most of the professionals actually hate you so go away Yousif Yalda

  8. Sounds like young Mr. Yalda meets the DSM criteria for Narcissistic Personality Disorder.

  9. @ Anonymous – Sounds you’re a pussy for not revealing your identity.

  10. Yousif Yalda – “to expose me and decrease my reputation”

    Um… you have a reputation ?

  11. Yousif, tell me, how is Morris doing these days?

  12. lol who’s Morris?

  13. Hmmh, what’s the point contacting people as mad as Yousif. I don’t know but once we all were children ;) . We grew up.

    What always fascinates me: many young kiddies just seek destructive matters like damn huge Botnets or so. But that’s just… small stuff.

    The real work is: construct something (securely) just with your mind and your fingers, that program your idea into the real world. Typing faster than the devil does in hell… that’s constructive research these days.

    Seems to be not interesting enough, does it?

  14. Thanks for posting wishi!

    I guess it’s a matter of what you’re cut out for. It’s not necessarily wrong to be interested in how things break and fail, and to seek out ways of doing it. It’s just a matter of channeling that into something that actually does some good (and perhaps more importantly, earns you an honest living).

    I love breaking things. More information than not on this site is about how to find vulnerabilities and exploit them. But there’s a path for people who like to break things, and it’s not botnets and attacks on the unwilling.

    I’m sure if he applied himself to learning more about it, and stopped burning every bridge he crossed, he’d be able to do well in vulnerability research and legitimate penetration testing. I’m just not convinced he ever will.

  15. Nice thoughts Wesley, but Penetration testing and research require a lot of patience and a methodoligcal approach. That’s something I don’t see the next generation of security people learning. It’s not all about breaking things after all. That’s just the fun part. At somepoint you have to write about how you did it, and how to fix it.

    Breaking things is the easy part of the job (sometimes).

    - Just my 2 cents -

  16. Maybe not the most visible parts of the next generation that I’ve highlighted in this post, but I at least hope that’s not a generalization that’ll hold for them all :)

    Thanks Chris!

  17. hey I m one of the new “generation” and I at least like to figure out how things work and write stuff up. Just haven’t really got into any projects yet

  18. [...] contact Wesley McGrew: | email – wesley@mcgrewsecurity.com | gpg key | aim – wesleymcgrew | twitter – mcgrewsecurity | McGrew Security Blog « Yousif Yalda Part 2: Script Kiddies in the Mist [...]

  19. Okay, how do i say this…FUCK ALL OF YOU MOTHERFUCKERS!! you all have nothing else in your entire life but to fuck around with yousif yalda! Mcgrew, your stupid as hell. Im the one who called you!! you fucking retard!! And listen up, ive known yousif for a very long time, we grew up with each other. He is the type of person who doesnt fuck around for NO reason, WHY THE FUCK WOULD HE EVER EVER IN HIS LIFE GIVE YOU!! ACCESS TO HIS COMPUTER!!
    EVERYONE,YOUR JUST WASTING TIME OF YOUR LIFE READING THIS CRAP Mcgrew is stupid as hell, his wife is a cunt, and she sounds like she has a dick in her mouth!, and for mcgrew, he sounds like a fucking hillbilly, and another thing, your soo fucking stupid, and scared you COULD go to black hat but your to much of a fucking pussy to go, because you know i will fucking break your head, and after i break your head ima bitch slap your wife!!! AND FOR LEE!! YOU DUMB ASS MOTHER FUCKER REDNECK!! DO THE WORLD WIDE WEB A FAVOR AND SHUT THE FUCK UP AND KILL YOURSELF!!!



  20. Looks like we have a taker on the bounty.

  21. Once again Yousif and his friends provide max lolz.

  22. [...] after a while he gave up and delegated the late-night calls to his friend Mark.  In response to a recent post, Mark gave me a call at about 2AM last night.  My wife and I were up watching DVDs of Battlestar [...]

  23. Pretty sure McGrew is a Scottish name. Also, you seem to have dropped a few letters Yousif, it’s spelled Mississippi.

  24. [...] Yousif Yalda Part 2: Script Kiddies in the Mist [...]

  25. Sounds like Mark and Yousif are more than just friends. Lovers maybe?

  26. So, Yousif’s Friend sent me information and yousif wanted my help to bring Mc Grew down. Lulz. anyways, All I’ve seen this kid capable of is fraud and using a simple whois search.

    So here you go, I’ll do a little whois search

    Name: Yousif Yalda
    Address: 8411 Christiana
    Skokie, IL 60007

  27. Wow. I live in Chicago and I know pretty much exactly where in Skokie that kid lives. How much will you offer me to put a beatdown on him? Apparently the going rate is $400, but I could cut you a deal or something. Maybe you could pen-test my botnet for me for free? Send me an email. We’ll talk.

  28. Wow, the cd burner log makes me hurt, and I work phone tech support for a living.

  29. Epic lulz!

    @Yousif, why don’t you show your hacker skillz to hack my website. It’s IP adress is

    You`re even worse than a script kiddie. You`re a wannabee script kiddie.

  30. [...] Saved by carnes on Thu 04-12-2008 Somebody Pranked John McCain Saved by mykr on Mon 01-12-2008 Yousif Yalda Part 2: Script Kiddies in the Mist Saved by sparkered on Mon 01-12-2008 Any Questions, Hesitate to Call Saved by lightmanx5 on Wed [...]

  31. yousif and mark! lol i can help you on your cd burner to recognise dvd-r’s….BUY A DVD BURNER!
    please try and find me as i really really really want you to try. lol you are a child and children grow up and rgret their mistakes.
    heres one for you, ‘just because you can doesnt mean you should’
    please for your own safety read the ethical hacking guide…..or in a within a year you will be in fed pen for 25 to life! learn some respect and learn some humility.

    for your own safety dude dont attack people you know nothing about, real hackers dont boast, you should be invisable, not the big red throbbing dick that you are sticking out on the net, if me or anyone else on here could be bothered you could get your entire life taken apart so that you couldnt even get a bank account or in to college so behave , or find you cash machine doesnt recognise your card, or you never existed anywhere on any data base. be warned!
    this is for your own benefit so calm your shit down.

  32. Yousif and Mark sound like your typical arrogant script kiddies who probably think the term 0-day is a count down to christmas, or some other festive occasion in which they might be spoiled by their loving mother and father.

    I find much humor in Mark’s words regarding McGrew being an idiot, loser, etc.. “I’m gonna slap your wife up” – The kid is probably just jealous because the closest thing to a partner he’s ever had were his World of Warcraft guild mates.

    It’s a big world out there, as Mark knows – which is why he chooses to throw his big hardman threats around on the Internet, safe from harm.

    Just to clarify a few things though:

    - Yousif is not a hacker
    - Mark is not a brawler
    - McGrew isn’t afraid of you kids.. you’re half his age, half his intelligence, and a million miles short of reaching the skill level he is at. Yes he may be a “white hat”, but he would effortlessly take you to school holding your hand every step of the way if it actually came down to it.

    The amount of shit you talk is incredible.. kids like you get rocked, docs dropped, rm’d on a daily basis.. it’s a miracle you have lasted this long. No doubt in all of your insecurities you will naturally refute everything I have said thus far, but if only one thing manages to slip through that thick skull of yours let it be this: You are a pussy. Trust me, it was blatantly obvious in that little phone call of yours.. you tried to cram as many curse words into that as you could.. I was fucking laughing at you man..
    you think you’re some hard ass who can take on the world? $50 says McGrew would rock the shit out of you. Guess i’ll end my rant here..

    Sorry for the overall choppiness of this post, I’m extremely tired and have downed a few.

    P.S. Yousif, dont ever call yourself a black hat again, you fuckin sicken me. The only hat right for you is the dunce cap. Wanna talk shit? Too bad, I’ve got better things to waste my time on :)

  33. I might be late to know about Yousif but I am glad I have read your views and his innate stupidity. What makes him talk trash and showoff like that is out of my mind,perhaps a late reaction of hormonal puberty I guess. The best part was the way you social engineered to build your credibility to bring that sucker down.

 Leave a Reply



You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

© 2012 McGrew Security Suffusion theme by Sayontan Sinha