I never believed that many actual hitmen would offer their services on the darknet. This story, however, is more bizarre than just the normal scamming scheme I would expect behind most of these offers.
The unbelievable tale of a fake hitman, a kill list, a darknet vigilante... and a murder
Hitman-for-hire darknet sites are all scams. But some people turn up dead nonetheless
By Gian Volpicelli
04 Dec 2018
I did not know Bryan Njoroge. I had never met him, talked to him, or encountered him online. In ordinary circumstances, I would have never heard of his death, more than 6,500 kilometres away. Yet in late June 2018, a message arrived in my inbox. Its subject read: “Suicide (or Murder)?” The email contained a link to a webpage showing unequivocally that someone wanted Bryan dead.
On May 29, a person calling themselves Toonbib had exchanged messages with someone they thought was a Mafia capo renting hitmen on the dark web. Toonbib had sent a picture of Njoroge in a suit, lifted from a school yearbook, and an address in Indiana where Njoroge – a soldier, who usually resided at a military base in Kentucky – would stay for a few days. “He will only be in location from june 01 2018- june 11,” Toonbib wrote. They paid about $5,500 in bitcoin for the hit.
The day after, Toonbib started chasing the presumed capo for an answer, which took some more time to arrive. “I will assign an operative to your job and it will be done in about a week, is this ok? I will get back to you shortly with an estimated date,” the capo wrote on June 1. Toonbib never answered. On June 9, Bryan Njoroge was found with a fatal gunshot wound to the head, near a baseball field in Clarksville, Indiana. His death was recorded as a suicide.
There are no hitmen in this story. There are no sharply dressed assassins screwing silencers on to their Glocks, no operatives assigned, nor capos directing them.
There is a website, though – a succession of websites, to be precise – where all those things are made out to be true. Some people fall for it. Looking for a hitman, they download Tor, a browser that uses encryption and a complex relaying system to ensure anonymity, and allows them to access the dark web, where the website exists. Under false names, the website’s users complete a form to request a murder. They throw hundreds of bitcoins into the website’s digital purse.
The website’s admin is scamming them: no assassination is ever executed. The admin would dole out a hail of lies for why hits had been delayed, and keep the bitcoins.
But, elsewhere, someone called Chris Monteiro has been disrupting the website’s operations for years, triggering its admin’s wrath.
In 2016, two years before sending me the email about Njoroge, Monteiro was just a guy writing wikis. A tall man in his thirties with thick sable hair, a short beard and deep-set, dark eyes, Monteiro is a man of weird pastimes. By day, he worked as a computer system administrator for a London-based firm; by night, he turned on a six-screen desktop computer in his South London flat and spent hours plumbing the depth of the internet. He called himself a “cybercrime and niche topic internet researcher”. He was into transhumanism, the internet-based movement advocating for human enhancement and immortality. He gave talks about the politics of sci-fi, using a slightly slurred patter. He knew a great deal about credit card fraud. But his passion was the dark web.
This was the perfect environment for scammers – impenetrable to search engines and rife with illegality. Online forums crawled with references to sentient AIs lurking in the dark web, live-streaming websites showing people being slaughtered in “red rooms”, or dark web pages revealing the secret of the Illuminati. “This weird fringe of the internet, it's one of the toughest areas to seek truth,” Monteiro says.
In 2015, Monteiro started running the r/deepweb subreddit, a front row on the day-to-day happenings of the online netherworld. He documented his findings on his blog – pirate.london – and on online encyclopedias, such as Wikipedia and anti-pseudoscience website RationalWiki. He made it his mission to kill urban legends – he contributed to Wikipedia’s articles on the dark web and darknet market, and created RationalWiki’s pages about red rooms and runaway AIs.
He also wrote RationalWiki’s article about internet assassination. The rumour that you could hire a contract killer on the dark web in exchange for bitcoin had been around since the early 2010s. That was because, unlike snuff movies and evil AIs, hitman-for-hire services were ubiquitous on the dark web. Some were structured as “prediction markets”, with users crowdfunding the assassination of VIPs and politicians; or they could be catering to the private grudge-bearer wanting to book a hit via private chat.
Monteiro’s research suggested all such websites to be either harmless trolling or scams designed to rob people of their bitcoins. He could find no evidence of anybody ever being killed by a hitman hired online, nor of any hitman working online. He wrote this all on RationalWiki. With footnotes.
Then, on February 20, 2016, an anonymous user made an edit to the internet assassination article. The edit, Monteiro says, added something to the effect of “all assassination sites are scams, except for Besa Mafia, which is real”, appending a link to a dark web site. (The edit was permanently deleted by RationalWiki’s admins at Monteiro’s urging; but a subsequent modification by the same user remains in the edit history. “An other site is Besa Mafia, a marketplace where hitmen can sign up to provide their services and where customer can order, [sic]” the edit read. “The site protects the customers with an escrow service that stores the bitcoin until the job is completed. They also accept external escrows.”)
Monteiro understood this to be shameless self-promotion. The people running Besa Mafia, whatever that was, had seemingly vandalised his finely crafted piece of wiki-scholarship in order to shill for their assassination website. “I went, ‘What the fuck is this shit?,’” he says. “This is not only nonsense, it's someone promoting a scam on my article.”
He fired up Tor and went to the Besa Mafia website. Ostensibly run by Albanian gangsters (“besa” is Albanian for “honour”), it was littered with poor English, stock pictures of armed beefcakes, and a payment system that – far from protecting customers’ bitcoin – allowed whoever ran the website to easily snatch the funds. He wrote a scathing review of Besa Mafia on his blog, calling it a scam.
A few days later, someone from Besa Mafia got in touch. “Helo, I am one of the admins of the Besa Mafia website on deep web [sic],” the email read. “Would it be possible for us to pay for a true and honest positive review? Let me know if we can prove to you that we are legit.” It was signed “Yura”.
A back-and-forth exchange ensued. Monteiro gleefully bombarded Yura with questions, punching holes in the site’s business model, security and technical makeup. For Monteiro, it was obviously a scam. But, while Yura acknowledged the website’s shortcomings, he maintained it was legitimate. He asked Monteiro to give Besa Mafia the benefit of the doubt. “We are open to suggestions, we will do our best to make it the best marketplace focusing on body harm revenge and property destruction,” Yura wrote.
As evidence, Yura offered to have someone of Monteiro’s choice beaten up. He then proposed to pay a $50 monthly retainer to feature Besa Mafia banners on Monteiro’s blog. When Monteiro declined both offers, Yura’s tone became menacing. “Be neutral to our website,” he wrote. “Unless you do that, we will pay some cheap freelancers to fill articles and submit posts and comments claiming you are undercover cop.”
Monteiro published the exchange in full on his blog, mocking Yura and Besa Mafia. Weeks later, someone left a comment: a link to a video. It started by showing an A4 sheet. ““[G]ang members for besa mafia on deep web,” the sheet read. “[D]edication to pirate london, 10 April 2016.” There followed some 30 seconds of darkness, rustling and metallic sounds. Finally, the camera turned towards a white car, engulfed in orange flames. The sheet was shown again, metres away from the blazing car. The video appeared to be a threat to whoever was running pirate.london.
Monteiro was horrified: he thought this was not the behaviour of a scammer. Online con artists ignore people who call them out, he thought; they don’t set cars on fire to defend their reputation. “I started questioning myself: had I pissed off a criminal organisation?” he says. “What the fuck had I got myself into?”
Monteiro works out of his living room in London
The video prompted Monteiro to contact law enforcement. At London’s Charing Cross Police Station, he told the officer behind the desk that he was a cybercrime researcher – specialising in drugs, fraud and murder – and he wanted to report a darknet assassin threatening him with videos of flaming cars. “I just wanted to get this on the record,” Monteiro recalls.
The officer was perplexed. Weeks later, the case was passed on to the Metropolitan Police’s cybersecurity unit, Falcon Team. Monteiro maintains that nothing came out of it: he says that the officer said that the car did not seem to have been destroyed in the UK and was therefore out of the Met’s jurisdiction.
Monteiro also attempted to contact the UK National Crime Agency (NCA) – but, he would later realise, he mistyped the email address and the message was not delivered. (The NCA doesn’t send bounce-back notifications.)
Click here to read the complete articleAttachments:
The buck goes so far... Don't delegate things that you know you have to do yourself...lol Posted on: def3.i2p