DataBreaches.Net


BesaMafia hitman site hacked again

Posted on June 17, 2016 by Dissent

Remember when BesaMafia, a dark web site where people can allegedly hire hitmen, was hacked and data was dumped in May? What could be worse, right? Well, they could be hacked again and their data dumped again.


The hacker known as “bRpsd” has again embarrassed the site, which claims to be linked to the Albanian Mafia, by exposing their seeming inability to secure their site properly. The site was reportedly compromised by SQL injection.

Information on the hack and links to data dumps were posted on Siph0n.in today. The hacker included a message to the site’s admin:

Sorry admin , You must learn correct programming before scamming people

To make it even easier for others, bRpsd provided the login credentials. As of the time of this posting, those login credentials worked, and allowed access to current messages on the site:

[Image: BM2a]

As noted in my previous report on their first hack and data dump, it’s not clear whether this site is for real (despite the admin’s fervent statement to me) or if it is a scam or some kind of honeypot.

Here’s an interesting exchange of messages that were in the data dump. The inquiry relates to the first hack and data dump:

2016-06-04 20:18:54, admin,wefewfwe,6,” \r\n  No. All messages are stored encrypted on our database.\r\n\r\n  Also, we have a self-destruct system that deletes all messages and target information from entire database, if unauthorized access intruder is detected \r\n\r\n  You will need to add target again, as all old info is deleted.\r\n\r\n  Bitcoin is stored cold wallet system, no bitcoins can be stolen. The wallet will shortly be visible\r\n \r\n  >

Was there any data leaked?\r\n \r\n \r\n  >  \r\n Hello,\r\n\r\n    We\r\n > have recovered our site from the\r\n > hacking and we will restore your wallet shortly\r\n\r\n \r\n \r\n \r\n > >\r\n > Before the hack there was 20 BTC in my wallet.\r\nPlease put\r\n > it back there.”,13,0,active,Re: Re: Re: BTC,8

Well, obviously their system doesn’t work as they described it, as messages didn’t “self-destruct” if they’ve been dumped and are in plain text. Unless, of course, someone is generating fake messages and data for the dump.

Here’s another message, allegedly inquiring about hiring the service:

2016-06-05 00:08:24,admin,wefewfwe,6,” \r\n Hi,\r\n\r\n   We can do that for $3000\r\n\r\n   let me kno\r\n \r\n

I write earlier but think login not work so here is message\r\n > again\r\n\r\nI need a job to be done in Rome Italy. It is not to\r\n > kill but to plant drugs like cocaine on a man so he get\r\n > caught and go to jail. The man is got my daughter pregnant\r\n > and he then left her. He is complete bastard. The man is\r\n > airline pilot and so he will be caught if he have drugs in\r\n > his case when he go through the airport. \r\n\r\nThe job involve\r\n > break into his house and find his bag he take on all his\r\n > flights like a brief case and plant drugs in his case like\r\n > he would if he try to smuggle. Cocaine  need to be taped\r\n > down at the bottom of the case so he does not see or suspect\r\n > anything wrong. It should be done so fumes or smell of drug\r\n > can be detect by machine at airport and also pick up by\r\n > x-ray. Also put in written note with drugs as if it from his\r\n > main supplier which makes it look like he is a BIG dealer.\r\n > Then he will be caught when he go through airport security.\r\n > Also maybe good idea to tip off customs to let them know\r\n > they is drug dealer come through airport? He then get caught\r\n > also criminal record so his life ruined like my\r\n > daughter.\r\n\r\n

I have do some research but I need some advise\r\n > from you. How much drug do he need to have in his bag to\r\n > definitely get a criminal record as supplier when he caught\r\n > in Italy?

I thinking 10g or maybe more you think?\r\n > \r\n\r\nAnyway, please reply to let me know if you can do job\r\n > and the cost? On your website you say your people are drug\r\n > dealer so it is really only like breaking into a house not\r\n > kill or harm and plant something they already have a lot of.\r\n > I hope to be able to go ahead in maybe 2 months.\r\n”,17,0,active,Re: Need job done,11

Sound real enough? But if you look through the messages, you won’t find any indication that any order was actually fulfilled, and “bRpsd” has included a file, allegedly from the site, that explains that it is not a real hit site at all. A site admin who contacted this blog after the first report insisted that that file isn’t real.

And now I’ll probably hear from the site’s admin again, telling me again that the site is for real. In 3…. 2….

Update of July 16: bRpsd was right and sent me to a link on .onion:

[Image: besa_closed]

 
