Menu
Browse

Besa

Aliases: 2 aliases
Primary URL Location Industry
Undetermined
Country Albania
Commercial Icon
Commercial
Profile

The organisation known as the Albanian Mafia Group Besa, also referred to as Besa Hitman-for-Hire Service, BesaMafia, operates as a dark web platform offering hitman‑for‑hire services. Its headquarters is located in Albania. The service is advertised through aliases such as Besa Mafia and Besa Hitman-for-Hire Service on underground forums. Clients allegedly could request contract killings, with discussions also covering drug‑planting operations and disputes over stolen cryptocurrency balances. The platform presented itself as a clandestine criminal enterprise facilitating violent contracts for payment. No public evidence has been provided confirming that any of the advertised killings were actually carried out.

Besa claimed to protect user data with encrypted storage and a self‑destruct mechanism designed to erase information upon unauthorized access. Security researchers and attackers have described the group as specializing in illicit hitman brokerage rather than legitimate business activities. The platform’s distinguishing attribute is its reliance on dark web anonymity networks to conceal both its operators and its clientele. Unlike conventional security firms, Besa positioned itself as a service provider for violent crime, emphasizing discretion and untraceable payments. Its operational focus on contract violence distinguishes it from other dark web markets that primarily trade drugs, weapons, or stolen data. The group’s self‑description emphasized a professional, business‑like approach to arranging killings, despite the lack of verifiable outcomes.

In April 2016, a hacker using the alias bRpsd compromised Besa’s dark web portal, leaking operational data that was first uploaded to Files.fm and later disseminated via services such as Siph0n. The exposed material included internal communications, login credentials, and details about service fees, drug‑planting requests, and cryptocurrency disputes. A second breach occurred on June 4, 2016, when an SQL injection attack compromised the same platform, revealing current messages and contradicting the operator’s claims of encrypted storage and a self‑destruct mechanism. The attacker publicly mocked Besa’s security failures and distributed additional files asserting that the site was fraudulent, possibly a scam or a law‑enforcement honeypot. These incidents highlighted vulnerabilities in the dark web infrastructures used by criminal networks and demonstrated how targeted cyber intrusions can undermine clandestine operations. Despite the leaks, no verified evidence emerged that Besa had successfully fulfilled any hitman contracts, leaving its true nature uncertain.

Incidents
Linked incidents available to members
2 incidents