Categories

BitTorrent
Conferences
Direct Revenue
Julie Amero
Myspace
Podcasts
Postbag
The Big Ones
The Fourth Wall
Yapbrowser
Zango

Creative Commons License
All articles licensed
under a Creative
Commons License.  








Home | About me | Press | The Fourth Wall | Links

Monday, July 09, 2007

The Hunt for YoGangsta50

"You are now about to witness the strength of street knowledge" - Dr Dre

This post represents the culmination of an investigation into the GTA: Hoodlife Virus. After dismantling the distribution chains for the videos being hawked around social networking sites, getting user accounts cancelled left, right and centre and warning the Myspace hordes about Myspace Protect, I did wonder what else was left to do with the steaming pile of wreckage before me.

Random question time. What do you see when you look at the below?

A YouTube page? Some funky colours? A Myspace Protect video? The site that some virus dude was doing some stuff on?

Or do you see a virus spreading fool exposing his entire online existence to anyone who is bothered enough to care, and practically begging to be caught? See, my entire line of research is based on the notion that these people creating these things don't just fall out of the sky out of nowhere to start some shit on the Internet. Pretty much everyone out there has some sort of pre-bad guy history, especially if they were gimping around on social networking sites and the like before they took that bash on the head and woke up as Dr Doom. It worked when looking at hackers in the Middle East; it worked for a Carding scam. So I figured, what the Hell - let's see what happens with the creator of a super-lame batch file that completely cripples an average users PC. What sparked this desire to have one final crack at this was an Email I received from someone who thought they'd lost all sorts of pictures they'd scanned into their computer as a result of this thing - probably nothing to anyone else, but hey, all this stuff routinely hosed by idiots and their fun little programs has some worth to us. It has some importance that goes beyond a simple reformat and backup and - oh Hell, you didn't ever get round to backing everything up? Too bad, wave goodbye to your pictures, or music, or whatever else is on there.

Well, sorry, but no. Your right to cause some shit on the Internet ends at exactly the point where my right to cause you some shit begins. With that in mind, I'd considered playing a game of "chase the bad guy", and seeing exactly what information would turn up if I took things to an extreme of needle in a haystack action. So far, all I really knew about this guy was that he called himself YoGangsta50 and he liked YouTube.

Well, not just that. Everything he did was swathed in references to The Boondocks - which is really good, by the way - so that gives us something to file away for future reference should it be needed. We also have his age - roughly 18 - and the interesting fact that he registered on YouTube in 2006. Why interesting? Because everything he's into online was registered around the same time, in 2005 / 2006...yet he apparently only just started doing bad things recently, because otherwise most of his obvious virus spamming and dodgy video pushing would have been flagged and had him canned long ago. According to this post here, at some point in the past he fell out with some homeboys on the 50Cent forum and started hacking accounts before flouncing out in a rage...perhaps that turned him to hacking and viruses?

At any rate....the obvious thing to do is go Google YoGangsta50 and see what he's up to.

Except.....I already did that while investigating the virus, so repeating it to investigate him isn't going to bring me much satisfaction. Sure, we can go back and re-examine his forum haunts such as the 50Cent / Game / Young Buck forums, but all you'll get for your money is a bunch of not very useful posts such as these:

...note the Spysheriff URL the supposed Myspace link leads to. Nice. However - this kid clearly isn't too bright. Thanks for the Location: Hartford, CT, US.

So, now we have a locale for this guy. Performing a search for "YoGangsta50 Connecticut" in Google was fruitless, but a quick jump over to Yahoo and we have his Bolt.com page:

...and a link to his Xanga page, which pretty much contains the same information (only with a huge MOVING TO FREEWEBS link, which confirms this is indeed "our" YoGangsta50). Note the continued obsession with The Boondocks, but more importantly, note the fact that we now have a first name - "John". It also mentions he's black, which might also be useful for future reference.

Going back to the Xanga page, buried in the on-screen clutter is a blink-and-you'll-miss-it forum link. here's a look at YoGangsta50s forum profile:

Note the Email address, "Thomasxg". Googling it takes you to a wallpaper / ringtone page where he's created a bunch of - surprise - Boondocks graphics. Nothing else useful there, though, so surely we're at a dead end now right?

Nah.

I went back to the (small) userlist for his forum and started looking round for places they hung out, on the basis he might well show up too. Down to the last user (Yung_Cam), and things weren't looking too good. Except...


"YUNG_CAM. Other Interests: I'M SO GANGSTA"? Wow, I'm so going to your page! Now, I have no way of knowing if the Yung_Cam here is the Yung_Cam I'm looking for. But here comes that random slice of luck and guesswork you need to pull something like this off.

Going on the assumption that Yung_Cam might be on the same website.....why not YoGangsta50? Sure enough, a quick alteration to the URL in the browser and we have a page that's hitting all the right notes. Sure, there's no way to prove this is indeed our man. Everything on this page could be 100% fake. But check out the most biblical set of coincidences in all creation. Notably:

1) He's called YoGangsta50. Okay, this is a no-brainer, but it's worth pointing out.
2) He's black, another no-brainer considering the site this page is on, but this does confirm what was said with regards his ethnicity on the Bolt / Xanga pages.
3) His age is 19, which would fit the age range for the other sites.
4) He lists one of his main interests as "Boondocks".
5) "I live in Hartford now".
6) His name is John, another hit on the confirm-me-do button. Not just John, but "John C". Valuable additional information ftw.

How many black youths do you think are aged between 16 to 19, are living in Hartford, CT, with a supposed real name of "John", are also into the Boondocks (and spend every other moment telling you about it online) and also JUST happen to be called "Yogangsta50"?

I did send this information on to the police last week, and the cynic in me says it's floating around the bottom of the "WTF is this nonsense about a kid writing viruses" pile, never to be seen again. It's not the first time that's happened to me, and I'm sure it won't be the last but whatever. The above is ultimately nothing more and nothing less an example of the kind of information we can dig out with a simple username and a page on YouTube. It might be pointless, it might be productive, but I'm convinced we need to focus more on who is hiding behind the veil of supposed anonymity when pushing infections (and less on the infections themselves) and drag them kicking and screaming into the light.

Whether they want to come or not.

Labels:

posted by paperghost at 10:47 AM | Digg it!

All Content © Vitalsecurity.org 2006. The content of this site is entirely the opinion of Paperghost, and is in no way endorsed by FaceTime Communications. In other words - have a problem, come see me.