23:50 GMT08 May 2021
Listen Live
    Get short URL

    An "ethical hacker" breached the database of a darknet website offering bogus hitman services and leaked the data, which helped the FBI convict a Minnesota man who murdered his wife – a case that raises a number of quandaries about "white hat" web infiltration.

    In November 2016, Stephen Carl Allwine killed his wife in "one of the most bizarre cases ever seen," police officers reported at the time. Allwine attempted to mask the murder as a suicide, placing a 9 mm pistol next to his wife Amy's elbow — despite his efforts, detectives quickly identified the case as murder and collected evidence.

    ​The following January, he was arrested and charged with second-degree murder based on their forensic analysis of the confiscated electronic equipment's contents — although an unexpected exposure helped prosecutors upgrade the charge to first-degree murder, and make his conviction a foregone conclusion.

    The break in the case resulted from the May 2016 hacking of dark web hitman service, "Besa Mafia" — it claimed to act as a broker between malevolent individuals and professional hitmen. Clients could also hire contractors to beat up victims, or set their enemy's car on fire. Prices for such services ranged between US$5,000 and US$200,000.

    The hacker — "bRpsd" — uploaded the site's client list to a public internet website, along with email addresses, personal messages between the Besa Mafia admin and its customers, "hit" orders and a folder named "victims" which provided information on ostensible targets.

    The breach made clear the website was a scam, fleecing money from customers and never providing any of the stated services — Chris Monteiro , an independent researcher who also hacked the site, stated the owner or owners of Besa Mafia reaped least 50 bitcoins — US$128,000 based on the cryptocurrency's June 2017 exchange rate — from the scam operation.

    Among the clients was none other than Stephen Carl Allwine — the pseudonym "dogdaygod" was linked to his email dogdaygod@hmamail.com, and found bitcoin addresses directly linked to him.

    Moreover, messages between Allwine and the Besa Mafia site's admin indicated he paid around US$15,000 to the service to kill his wife. He requested she be shot at close range, and their house burned down subsequently. The hacked data also revealed Allwine had purchased a drug, scopolamine, via the dark web — a dose 45 times higher than the recommended level was found his wife's body.

    Scopolamine is used to treat nausea or motion sickness when recovering from surgery — nicknamed the "Devil's Drug," it can erase a person's memory and render them incapable of exercising their free will.

    Besa Mafia stated the plan had a 100% success rate — although once the funds were transferred, the Besa Mafia communicator informed Allwine local police had stopped the hitman for driving a stolen vehicle, and taken him to jail prior to the "hit" — thus rendering him unable to complete the "service." Police files indicate this claim entirely fraudulent, and no individual was apprehended in the area for driving a stolen vehicle at that time.

    The case raises a number of questions about ethical hacking — while the term "hacker" does not have positive connotations, given such individuals typically breaks into systems or networks to procure sensitive information or infuse a network with chaos for the purpose of control, "white hat" hackers have the public's best interest at heart, or so they say.

    In doing so, they break into systems to point out security flaws, or bring attention to a cause, in the public interest.

    For instance, in February, a hacking group allied with Anonymous infiltrated and shut down the servers of Freedom Hosting II, a Tor web host favored by creators and distributors of child pornography.

    Nonetheless, while data gleaned via ethical hacking can evidently be used for positive ends by authorities, such activity remains frowned upon by governments, and in many instances results in prosecution for perpetrators.

    In 2015, when infidelity website Ashley Madison's user list was leaked to the public, investigators mulled legal action against the hack's architects — and many users have attempted class action lawsuits against the site for not suitably protecting their data.


    Watching You While You Browse: How the CIA Has Been Hacking Your Router
    NSA Hacking Tools Used for Another Massive Cyber Attack
    Australia to Set Up Cyber Warfare Unit to Protect Country From Hacking Attacks
    Latvian Man Extradited to US Over Hacking Scheme
    white hat hackers, ethical hackers, cyberattack, hacking, Ashley Madison, Federal Bureau of Investigation (FBI), US
    Community standardsDiscussion