RiskBased Security writes:
News reports of websites being hacked and data being leaked has become an all too common occurrence. Most of the press focuses on popular or well known sites, rarely touching on leaks from sites that reside in the recesses of the “deep web” or “dark web”, accessible only by means such as TOR network software. While such breaches may happen frequently, they rarely see the light of day.
A few weeks ago, one such dark web site going by the name “Besa Mafia” became victim of a hacker using the handle “bRpsd”, who breached the site’s database and posted the information online where it was accessible to anyone. The information posted is a potential serious concern as the Besa Mafia site has a reputation as being an actual hitman-for-hire service with links to the Albanian mafia.
Data leaked in this breach contains user accounts, user personal messages, ‘hit’ orders posted to the site, and a folder named ‘victims’ that contains additional documents within it.
Read more on RBS. It feels odd tagging this under the “Business” sector, but it’s a business, right? Or should this be a “Miscellaneous,” which I usually reserve for not-for-profits, etc.?
Update: I was contacted by someone who claims to be an admin for the Besa Mafia site. The correspondent asked me to post comments submitted by email, which I have done, below this post. It’s obviously important to them that people believe the site really is a marketplace where you can hire hitmen, etc. But do note that the whole Besa Mafia site has been accused of being a scam and/or basically a honeypot. See Pirate dot London and this report in The Mirror, especially if you’re thinking of contacting the site. DataBreaches.net does not have the resources to research the site or the claims. Could it have been a fake data dump created by law enforcement to make the site look like it was cooperating with law enforcement? Yes. Was it? I have no idea.
This so called hack proved that the site is real and
1. That customers are completely anonymous, no name, no address, no credit card no bank was found
2. That are hundreds of customers wanting to hire hitmen
3. That are hundreds of gang members wanting to provide services, they burned cars, harmed and killed people
So we have demand and supply, and a functional site, the Besa is real and claims that is fake is just made by lazy cops who can’t shut down the site and want to discourage people from using it
Plus, the so called database dump was only 1/3 percent of the real database and was plain text comma separated, edited in notepad to add mesages about sending info to law enforcement, but the one who edited was stupid enouch not to realise there is no info to send to law enforcement, since the customers are anonymous, no name no address no ip no nothing ever there
The following comment was submitted via email with a request to post it under the article — Dissent
The so called database leack was only plain text separated by comma, and could be easily writen up or edited in notepad before publishing .
It only proved that:
1. There are MANY CUSTOMERS wanting to hire hitmen online for murder,
as you can see in the claimed leacked database
2. There are MANY GANG MEMBERS signing up to provide services. Some of them might be pranks, but many of the gang members signing up REALLY WANT TO DO MURDER AND BODY HARM SERVICES .
So, on one hand you have hundreds of customers wanting to hire hitmen, and on the other hand you have hundreds of gang members from the entire USA and Europe wanting to do body harm for money.
There is demand and there is supply.
Some new registered gang members burned cars, destroyed property and harmed people really bad .
Then how do you say this is a scam? You are lying to people and once the truth gets exposed you will become a shitty news source
Besa Mafia continues to be up, continues to get lots of customers and lots of gang members registration, and we connect them with each other
.
The media war against Besa Mafia is fought by lazy undercover cops who can’t shut down the site, there was a hack, but only a 1/3 percent of the database was published, with customers who din’t paid or who din’t had finished jobs, and even so, the database it was heave altered with dates changed and messages edited to make it look like people din’t had their hit done a lone time
Let me know if you want an interview and the truth
This so called hack proved that the site is real and
1. That customers are completely anonymous, no name, no address, no credit card no bank was found
2. That are hundreds of customers wanting to hire hitmen
3. That are hundreds of gang members wanting to provide services, they
burned cars, harmed and killed people
So we have demand and supply, and a functional site, the Besa is real and claims that is fake is just made by lazy cops who can’t shut down the site and want to discourage people from using it
Plus, the so called database dump was only 1/3 percent of the real database and was plain text comma separated, edited in notepad to add mesages about sending info to law enforcement, but the one who edited was stupid enouch not to realise there is no info to send to law enforcement, since the customers are anonymous, no name no address no ip no nothing ever there