DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

BesaMafia hitman site hacked again

Posted on June 17, 2016 by Dissent

Remember when BesaMafia, a dark web site where people can allegedly hire hitmen was hacked and data was dumped in May? What could be worse, right? Well, they could be hacked again and their data dumped again.

BesaMafia

The hacker known as “bRpsd” has again embarrassed the site, which claims to be linked to the Albanian Mafia, by exposing their seeming inability to secure their site properly. The site was reportedly compromised by SQLinjection.

Information on the hack and links to data dumps were posted on Siph0n.in today. The hacker included a message to the site’s admin:

Sorry admin , You must learn correct programming before scamming people

To make it even easier for others, bRpsd provided the login credentials. As of the time of this posting, those login credentials worked, and allowed access to current messages on the site:BM2a

As noted in my previous report on their first hack and data dump, it’s not clear whether this site is for real (despite the admin’s fervent statement to me) or if it is a scam or some kind of honeypot.

Here’a an interesting exchange of messages that were in the data dump. The inquiry relates to the   first hack and data dump:

2016-06-04 20:18:54, admin,wefewfwe,6,” \r\n  No. All messages are stored encrypted on our database.\r\n\r\n  Also, we have a self-destruct system that deletes all messages and target information from entire database, if unauthorized access intruder is detected \r\n\r\n  You will need to add target again, as all old info is deleted.\r\n\r\n  Bitcoin is stored cold wallet system, no bitcoins can be stolen. The wallet will shortly be visible\r\n \r\n  >

Was there any data leaked?\r\n \r\n \r\n  >  \r\n Hello,\r\n\r\n    We\r\n > have recovered our site from the\r\n > hacking and we will restore your wallet shortly\r\n\r\n \r\n \r\n \r\n > >\r\n > Before the hack there was 20 BTC in my wallet.\r\nPlease put\r\n > it back there.”,13,0,active,Re: Re: Re: BTC,8

Well, obviously their system doesn’t work as they described it, as messages didn’t “self-destruct” if they’ve been dumped and are in plain text. Unless, of course, someone is generating fake messages and data for the dump.

Here’s another message, allegedly inquiring about hiring the service:

2016-06-05 00:08:24,admin,wefewfwe,6,” \r\n Hi,\r\n\r\n   We can do that for $3000\r\n\r\n   let me kno\r\n \r\n

I write earlier but think login not work so here is message\r\n > again\r\n\r\nI need a job to be done in Rome Italy. It is not to\r\n > kill but to plant drugs like cocaine on a man so he get\r\n > caught and go to jail. The man is got my daughter pregnant\r\n > and he then left her. He is complete bastard. The man is\r\n > airline pilot and so he will be caught if he have drugs in\r\n > his case when he go through the airport. \r\n\r\nThe job involve\r\n > break into his house and find his bag he take on all his\r\n > flights like a brief case and plant drugs in his case like\r\n > he would if he try to smuggle. Cocaine  need to be taped\r\n > down at the bottom of the case so he does not see or suspect\r\n > anything wrong. It should be done so fumes or smell of drug\r\n > can be detect by machine at airport and also pick up by\r\n > x-ray. Also put in written note with drugs as if it from his\r\n > main supplier which makes it look like he is a BIG dealer.\r\n > Then he will be caught when he go through airport security.\r\n > Also maybe good idea to tip off customs to let them know\r\n > they is drug dealer come through airport? He then get caught\r\n > also criminal record so his life ruined like my\r\n > daughter.\r\n\r\n

I have do some research but I need some advise\r\n > from you. How much drug do he need to have in his bag to\r\n > definitely get a criminal record as supplier when he caught\r\n > in Italy?

I thinking 10g or maybe more you think?\r\n > \r\n\r\nAnyway, please reply to let me know if you can do job\r\n > and the cost? On your website you say your people are drug\r\n > dealer so it is really only like breaking into a house not\r\n > kill or harm and plant something they already have a lot of.\r\n > I hope to be able to go ahead in maybe 2 months.\r\n”,17,0,active,Re: Need job done,11

Sound real enough? But if you look through the messages, you won’t find any indication that any order was actually fulfilled, and “bRpsd” has included a file, allegedly from the site, that explains that it is not a real hit site at all. A site admin who contacted this blog after the first report insisted that that file isn’t real.

And now I’ll probably hear from the site’s admin again, telling me again that the site is for real. In 3…. 2….

Update of July 16: bRpsd was right and sent me to a link on .onion:

besa_closed

 

Category: Business SectorExposureHackNon-U.S.

Post navigation

← Former Goldman Sachs Banker Barred From Industry Over Fed Leak
ENT and Allergy Center of Arkansas notifying patients of Bizmatics security incident →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Investigation of 2024 Helsinki data breach – Report
  • Major trial underway for data leak that left 72,000 victims in France
  • Anubis: A Closer Look at an Emerging Ransomware with Built-in Wiper
  • HealthEC Agrees to $5.48 Million Settlement to End Data Breach Lawsuit
  • US offering $10 million for info on Iranian hackers behind IOControl malware
  • Sompo Japan Insurance submits improvement plan after info leakage
  • Moreno Valley, Calif., Schools Report Data Breach
  • The Growing Cyber Risks from AI — and How Organizations Can Fight Back
  • UPDATING: Credit Control Corporation denies any current breach
  • Copilot AI Bug Could Leak Sensitive Data via Email Prompts

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Your household smart products must respect your privacy – including your air fryer
  • Vermont signs Kids Code into law, faces legal challenges
  • Data Categories and Surveillance Pricing: Ferguson’s Nuanced Approach to Privacy Innovation
  • Anne Wojcicki Wins Bidding for 23andMe
  • Would you — or wouldn’t you?
  • New York passes a bill to prevent AI-fueled disasters
  • Synthetic Data and the Illusion of Privacy: Legal Risks of Using De-Identified AI Training Sets

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.