The Islamic State terror group is steering followers to a “dark web” mafia site that offers murder and other mayhem for hire at a price of thousands of dollars in Bitcoins, the online currency.
The problem for the world’s most vicious terrorist army is that hackers in recent weeks have exposed the “Besa Mafia” destination as an elaborate fraud. It is likely run not by the real-life Besa Albania Mafia and its criminal networks in Europe and the United States, but by a guy living in Romania.
This means the Islamic State, also known as ISIL and ISIS, is sending its followers on a money-wasting venture that is not likely to get anybody killed.
The Islamic State’s endorsement of the Besa Mafia site was discovered by the Middle East Media Research Institute. MEMRI, which monitors jihadi traffic, found Islamic State’s June 14 message on the channel Cyber Kahilafah, which is carried on the encrypted messaging app Telegram.
Telegram is its own story. Invented by an exiled Russian technocrat as a way for dissidents to escape the wrath of Vladimir Putin, Telegram has become the go-to platform for jihadis’ planning and commanding terrorist attacks, according to its detractors.
The Besa Mafia location is one of the more intriguing stops on the mysterious dark web. Users can reach this sinister-sounding world anonymously via special browsers, such as The Onion Router, or TOR, that do not leave an IP address — no electronic fingerprints.
Islamic State’s deadly attacks to date are generally in two categories: planned-and-directed massacres from its hub in Raqqa, Syria, such as the Nov. 13 Paris bombings and shootings; and inspired so-called “lone wolf” attacks such as the June 12 mass murder of 49 people at a gay nightclub in Orlando, Florida.
In theory, Besa Mafia hit squads would give the ultraviolent group another way to kill people.
But it will remain a virtual reality.
One of those who exposed the scam is Chris Monteiro, a Londoner who runs the blog Pirate.London and describes himself as an independent cybercrime researcher. He is quoted in the British press as an expert on the dark web and on preventing cybercrimes.
Mr. Monteiro said Besa Mafia struck him as flimflam, so he hacked through the backdoor and stole files and hunted down the operator.
“The guy is not affiliated with the real Besa Mafia. He’s a one-man operation,” Mr. Monteiro told The Washington Times. “He is, however, an ethnic Albanian living somewhere in Romania.”
He described his ongoing investigation in an email: “This has involved me tracing the scammer to Romania, (Transylvania!), back dooring the site for months to read the messages via 2 rebrand attempts and more recently me taking over his two primary email addresses and conning his freelancer that I am the scammer and he is the hacker. Next step is to try and get at his Bitcoins, of which I’m reaching out to various experts in the area.
“More importantly, the detailed profiles on the would-be murderers has not been released as my lawyer recommends not publishing any information that may impede a police investigation. Which is frustrating as there is interest in the UK media (TV). We have an entire private wiki with his operations, modus operandi, customer profiles and information we’re waiting to send to the police, but the UK police are not interested.”
The Islamic State’s unwitting outreach to the Besa Mafia scam began in December, when the Cyber Kahilafah channel posted links for downloading the TOR browser for encrypted internet searches.
Then came the June message that shared Besa’s advertisement for paid assassinations, information that apparently had been hacked and exposed.
The Besa Mafia site does its best to look authentic, complete with photos of assassins and dead bodies. It claims 1,060 registered members and “1,093 killing jobs.”
Payment is to be made using Bitcoin through a secret account: $5,000 for murder, $9,000 “if you want to make it look like an accident.”
Besa also offers hacking.
“We are a network of mob members who know how to use computers and who offer our services online,” the site proclaims. “Our members live in the USA, Europe, Japan, China and other countries.”
The site adds, “We can beat up anybody. You give us details and a few brothers from your location will go beat him.”
Asked if Besa Mafia is a scam, the page answers, “We don’t have any complaints on the Internet and we have been active a long time.”
Some internet surfers are convinced. In one story on a murder in the U.S., a commenter said the killing sounded like the work of Besa Mafia.
The International Business Times reported May 13 that a hacker known as “bRpsd” broke into the site and spilled lots of records into the open.
Steve Stalinsky, MEMRI’s executive director, said Islamic State’s use of Telegram points out the fact it has a ready-made way to hide messages from authorities when it wants to.
“Telegram should be held accountable for being a tool of many jihadi organizations,” Mr. Stalinsky said. “The Cyber Kahilafah is one of many pro-ISIS hacking groups active on Telegram.”
Mr. Monteiro, who is trying to prompt the British police to investigate those who have paid the bogus site for a mob hit, said the scam pays a “thug” in California to threaten people and create web images.
“Some fake murder videos may go down around Woodland Hills, California, as a part of more site promotions in the near future,” he said. “It’s nice to have a backdoor to the guy’s operations.”
• Rowan Scarborough can be reached at rscarborough@washingtontimes.com.
Please read our comment policy before commenting.