Remember when BesaMafia, a dark web site where people can allegedly hire hitmen was hacked and data was dumped in May? What could be worse, right? Well, they could be hacked again and their data dumped again.
The hacker known as “bRpsd” has again embarrassed the site, which claims to be linked to the Albanian Mafia, by exposing their seeming inability to secure their site properly. The site was reportedly compromised by SQLinjection.
Information on the hack and links to data dumps were posted on Siph0n.in today. The hacker included a message to the site’s admin:
Sorry admin , You must learn correct programming before scamming people
To make it even easier for others, bRpsd provided the login credentials. As of the time of this posting, those login credentials worked, and allowed access to current messages on the site:
As noted in my previous report on their first hack and data dump, it’s not clear whether this site is for real (despite the admin’s fervent statement to me) or if it is a scam or some kind of honeypot.
Here’a an interesting exchange of messages that were in the data dump. The inquiry relates to the first hack and data dump:
2016-06-04 20:18:54, admin,wefewfwe,6,” \r\n No. All messages are stored encrypted on our database.\r\n\r\n Also, we have a self-destruct system that deletes all messages and target information from entire database, if unauthorized access intruder is detected \r\n\r\n You will need to add target again, as all old info is deleted.\r\n\r\n Bitcoin is stored cold wallet system, no bitcoins can be stolen. The wallet will shortly be visible\r\n \r\n >
Was there any data leaked?\r\n \r\n \r\n > \r\n Hello,\r\n\r\n We\r\n > have recovered our site from the\r\n > hacking and we will restore your wallet shortly\r\n\r\n \r\n \r\n \r\n > >\r\n > Before the hack there was 20 BTC in my wallet.\r\nPlease put\r\n > it back there.”,13,0,active,Re: Re: Re: BTC,8
Well, obviously their system doesn’t work as they described it, as messages didn’t “self-destruct” if they’ve been dumped and are in plain text. Unless, of course, someone is generating fake messages and data for the dump.
Here’s another message, allegedly inquiring about hiring the service:
2016-06-05 00:08:24,admin,wefewfwe,6,” \r\n Hi,\r\n\r\n We can do that for $3000\r\n\r\n let me kno\r\n \r\n
I write earlier but think login not work so here is message\r\n > again\r\n\r\nI need a job to be done in Rome Italy. It is not to\r\n > kill but to plant drugs like cocaine on a man so he get\r\n > caught and go to jail. The man is got my daughter pregnant\r\n > and he then left her. He is complete bastard. The man is\r\n > airline pilot and so he will be caught if he have drugs in\r\n > his case when he go through the airport. \r\n\r\nThe job involve\r\n > break into his house and find his bag he take on all his\r\n > flights like a brief case and plant drugs in his case like\r\n > he would if he try to smuggle. Cocaine need to be taped\r\n > down at the bottom of the case so he does not see or suspect\r\n > anything wrong. It should be done so fumes or smell of drug\r\n > can be detect by machine at airport and also pick up by\r\n > x-ray. Also put in written note with drugs as if it from his\r\n > main supplier which makes it look like he is a BIG dealer.\r\n > Then he will be caught when he go through airport security.\r\n > Also maybe good idea to tip off customs to let them know\r\n > they is drug dealer come through airport? He then get caught\r\n > also criminal record so his life ruined like my\r\n > daughter.\r\n\r\n
I have do some research but I need some advise\r\n > from you. How much drug do he need to have in his bag to\r\n > definitely get a criminal record as supplier when he caught\r\n > in Italy?
I thinking 10g or maybe more you think?\r\n > \r\n\r\nAnyway, please reply to let me know if you can do job\r\n > and the cost? On your website you say your people are drug\r\n > dealer so it is really only like breaking into a house not\r\n > kill or harm and plant something they already have a lot of.\r\n > I hope to be able to go ahead in maybe 2 months.\r\n”,17,0,active,Re: Need job done,11
Sound real enough? But if you look through the messages, you won’t find any indication that any order was actually fulfilled, and “bRpsd” has included a file, allegedly from the site, that explains that it is not a real hit site at all. A site admin who contacted this blog after the first report insisted that that file isn’t real.
And now I’ll probably hear from the site’s admin again, telling me again that the site is for real. In 3…. 2….
Update of July 16: bRpsd was right and sent me to a link on .onion: