Image: Tobias Michaelsen/Flickr
The dark web is rife with scams, but nothing quite compares to the case of fake hitman site Besa Mafia.Besa Mafia, which is still online, advertises "hitman" services, offering to put customers in touch with hired killers."If you want to kill someone, or to beat the shit out of him, we are the right guys," the site reads. "We have professional hitmen available through the entire USA, Canada and Europe and you can hire a contract killer easily." The group claims to come from Albania.
Although many already suspected the site was a sham, Risk Based Security reported last week that supposedly hacked data shining more light on its behind-the-scenes dealings had been posted online. Included in that dump were alleged lists of "hitmen," photos of targets customers had uploaded, orders made on the site, and a large cache of messages purportedly between users and site admins.Although the site is almost definitely a scam—and a seemingly profitable one at that—the sheer effort its creators have gone to puts Besa Mafia head and shoulders above just about anything else on the dark web.***According to the site, potential customers sign up, upload details and a photo of who they want targeted, and choose from various different services. Murder ranges between $5,000 and $200,000; making the death look like an accident is an additional $4,000; just beating them up is $500; and setting their car on fire will set you back $1,000.Anyone who wants to become a hitman can register on the site too, and needs to specify how they can kill people—with a pistol or sniper rifle, for example—and whether they have military training.
The point of the site is, of course, to get people to hand over their bitcoins. The messages show the admin stringing along a wealth of customers, taking funds while making excuse after excuse for no murder or action actually taking place."These guys have made at least 50 bitcoins [nearly $23,000] on this," said Chris Monteiro, an independent researcher who has been following the site. Along with a partner, he has also hacked into Besa Mafia and is still collecting messages. Monteiro said he wasn't behind the dump of messages and other site data.
In one message from the dump, the admin writes that the site not only cheats people out of their bitcoin; it also provides information to law enforcement about ordered hits."This website is to scam criminals of their money. We report them for 2 reasons: to stop murder, this is moral and right; to avoid being charged with conspiracy to murder or association to murder, if we get caught," the admin writes.The Besa Mafia brand is not just isolated to its own site. It has proliferated across the web, with reviews for its hitmen, calls for arms to push back against the site, and Besa Mafia's admins even intimidating those sceptical of the site.
On April 17, someone edited the Wikipedia page for "Albanian mafia," and added "Albanian Mafia are managing a controversed [sic] site on Deep Web where they take orders from general public for body harm services such as beating up, setting cars on fire, kiling, etc."Of course, anyone could have authored that Wikipedia edit, including Besa Mafia's admins. The same goes for the glaringly positive reviews of the site, scattered across the internet.One review posted on personal blog and supposedly written by a happy customer, includes a gory picture of a man covered in blood and slumped in a driver's seat. In 800 words, the customer explains in rambling detail how Besa Mafia helped him kill the man who raped his girlfriend."I saw they also have hitmen who do murder for hire, and I was astonished to see that the price was very low: only $5,000," the customer writes. Another customer writes how they were struck in a hit and run and hired the Besa Mafia to burn the culprit's car.
Besa Mafia also offered a referral campaign, meaning that anyone who shared a link and successfully got others to sign up would earn a 10 percent commission.Some sites were even looking for people to fight back against the group.
"They are online since some time and they have no complaints, so please don't be lazy and say they are a scam, it's good to discourage people saying they are scam but is better to say the truth that they are real and that we need to do what we can to shut them off," a post from Texas on classified ad site Reachoo reads.For something that was supposedly written by a critic, the ad laid out Besa Mafia's services in great detail.Others have, understandably, voiced skepticism about the site. Monteiro called out the site as a clear fake back in February. He was then contacted by an administrator of Besa Mafia. "Would it be possible for us to pay for a true and honest positive review?" the admin wrote, according to Monteiro.Another person who posted negative comments about Besa Mafia and asked to remain anonymous told me he was paid $50 in bitcoin after removing his own content.But Monteiro didn't budge. Shortly after, the admin sent him a video of hooded figures torching a car, with Monteiro's blog URL typed out on a piece of paper. This also happened to others who posted negative comments about Besa Mafia; at least three videos were made, showing burning vehicles, all with messages to those who had spoken ill of the group.
"To be honest, I was intimidated"
"To be honest, I was intimidated," Monteiro said in a phone call.But the recently hacked data sheds some light on these antics, and it appears that they may have been fabricated as part of the convoluted plan to make Besa Mafia seem more legitimate.According to hacked messages, the people burning these cars were prospective "hitmen" who had hoped to become employed on the site."For now, we can use your help to set cars on fire," the admin told one supposed applicant, and in another message laid out specific instructions for filming the video: Take a normal car, not too cheap or expensive, to the outskirts of a city, write the Besa Mafia URL on a piece of paper, light the car on fire, move back around 10 metres, and show the paper again.To check the legitimacy of the hacked data, I attempted to send messages to users in the dump using Besa Mafia's built-in messaging system. Out of 22 messages, only 5 delivered successfully, implying that either those accounts have since been deleted, or perhaps didn't exist in the first place. None of the supposed customers or hitmen on the site responded to my emails, and some of the email addresses were fake. I wasn't able to confirm the veracity of all of the messages included in the dump, but some contained details of bitcoin transactions that matched those recorded on the blockchain.For their part, the person or persons behind the Besa Mafia admin account said in a message to me that the hacked data was itself fake.
"Someone managed to steal the password of one of our members providing services, and he got a list of customers posting jobs; and from there he invented and wrote up many fictious [sic] messages between admins and users," they wrote.The admin said they would no longer pay people to remove negative reviews, but instead, "we will burn out their cars and homes; doing so we will prove to them that we are legit and that they sould [sic] remove their comments or we will burn more."***The multi-faceted and intricate nature of this scam—from getting people to burn cars to paying critics to shut up—is unlike anything I've seen so far on the dark web. Perhaps more worrying is that there seems to actually be a demand for this sort of site, judging by the reams of apparent messages and orders.As the person who was paid to remove his negative comments told me, "it only takes a single idiot to fall for this to make all of this shit worth it."