
Cyber Incident Victim: BesaMafia

Date: Jun 2016

Location: Albania

Summary

A dark web platform allegedly offering hitman services was compromised through an SQL injection attack, resulting in the exposure of internal communications and login credentials. The attacker publicly mocked the site's security failures and provided access to current messages, contradicting the operator's claims of encrypted data storage and a self-destruct mechanism for unauthorized access. Leaked correspondence included discussions about service fees, drug-planting requests, and disputes over stolen cryptocurrency balances, though no evidence confirmed fulfilled contracts. The breach further fueled existing skepticism about whether the platform constituted a legitimate criminal operation, an elaborate scam, or a law enforcement honeypot, with the hacker asserting the site's fraudulent nature through supplementary files.


Description

The BesaMafia dark web site, which purported to offer hitman-for-hire services linked to the Albanian Mafia, suffered a second security breach in early June 2016, following an initial compromise in May. On June 4, 2016, a hacker using the alias "bRpsd" exploited an SQL injection vulnerability to gain unauthorized access to the site's backend systems. The attacker publicly disclosed login credentials and dumped internal data, including user messages and administrative communications, on the platform Siph0n.in. This breach occurred despite the site admin's prior claims of implementing encrypted message storage, a self-destruct system for unauthorized access incidents, and cold wallet storage for Bitcoin transactions. The hacker left a taunting message for the admin, stating, "Sorry admin, You must learn correct programming before scamming people," suggesting motivations centered on exposing security deficiencies or alleged fraudulent activity.


The compromised data revealed operational details that contradicted BesaMafia's security assurances. Leaked messages included plaintext customer inquiries dated June 4-5, 2016, such as a request to plant cocaine in an airline pilot's luggage to frame him, with discussions of pricing ($3,000) and operational logistics. Another exchange showed a user disputing the disappearance of 20 BTC from their wallet after the first hack, with the admin responding that wallets would be restored. The data dump also contained a file alleging the site was not a legitimate service, though the admin denied its authenticity. Impacts included reputational damage from exposed security flaws, potential legal risks for users whose criminal solicitations were leaked, and financial disputes over cryptocurrency holdings. The admin's response focused on restoring site access and assuring users about wallet recovery, but no evidence of improved security measures or fulfilled contracts was documented in the leaked data.
