PODCAST

156: Kill List

Brief

BesaMafia, a darknet site that advertised hitmen-for-hire, became the subject of a long investigative collaboration between cybersecurity researcher Chris Monteiro and journalist Carl Miller (documented on the Kill List podcast). Chris, who began researching darknet scams in 2015–2016, initially concluded BesaMafia was a scam. After the site’s admin ('Yura') pushed back and sent threats (including a burning-car video), Chris registered on the site and found a trivial URL-parameter flaw (insecure direct object reference, a top OWASP issue) that let him enumerate and download private messages from the site’s database. Over time he amassed hundreds of messages and built parsers and a web front-end to catalog orders, Bitcoin payment addresses, names, photos and timelines.

The recovered messages revealed disturbing, operationally detailed solicitations: names, addresses, timelines, negotiation over prices (typically several thousand dollars), and Bitcoin wallets confirming money flows. Some orders corresponded to real-world crimes: one $20,000 order targeted a 14-year-old; another $12,000 order tied to Amy Allwine prompted an FBI warning that, due to communication failures between federal and local police, did not prevent her husband, Stephen Allwine, from drugging and murdering her (he was ultimately convicted). Chris and Carl turned the scraped data over to the NCA and Interpol but found that anonymized international handoffs limited follow-up. They wrestled with journalistic ethics versus intervention, tried calling targets (often met with disbelief or hang-ups), and shifted to working with local reporters and police to get people warned and arrests made. A notable success involved Ron Ilg, a Spokane surgeon who allegedly funded an elaborate plan (~$50,000) to kidnap/drug his wife; investigators found his BesaMafia credentials on a sticky note in a safe, leading to arrest and conviction. Chris lost reliable access to BesaMafia in 2023; across the project they logged ~900 people on the list and acted on hundreds, but the scam-run site still resurfaces and remains a source of harm despite arrests and technical takedown challenges.

Cleaned source text

title: "156: Kill List"

author: "Darknet Diaries"

source_type: podcast


I used to live and work in Las Vegas.

What a town that is.

I'm so glad that I got out of there.

It's like I had a hole in my pocket all the time and I could never find where it was.

Anyway, I was playing craps one day.

This is where you throw the dice.

It's a big table.

And this frail old man came up and he was playing too.

And he was betting big.

He was getting wild with his money, having a good time.

And I was rolling the dice and he was making money off of my dice roll, so he was liking me and we started chatting it up.

But there was this dude behind him, a big guy, not a muscular man, but a guy who probably loves cheeseburgers, if you know what I'm saying.

And I asked him, hey man, you want to get in on this game?

I got a hot roll going.

He didn't say anything.

And the old guy turns to me and he says, oh, don't mind him.

He's my bodyguard.

And I was like, oh, really?

This guy is your bodyguard?

And then the old man told me something that surprised me.

He said, yeah, but I don't actually pay him to protect me if there's actually a fight.

And I was like, what?

You don't pay him to rescue you out of anything?

No, no, I can't afford that kind of bodyguard.

This guy just stands next to me, and if something goes down, he knows he doesn't need to step in.

And I'm like, well, hold on a second.

Why are you paying someone to stand next to you?

And he said, to be my bodyguard.

And I was like, no, but he's not guarding you though.

And the old man said, yeah, but no one knows that.

Everyone sees him next to me, and they don't mess with me because he's there.

I was like, does that work?

And he said, yep, I haven't been robbed yet.

These are true stories from the dark side of the internet.

I'm Jack Rhysider.

This is Darknet Diaries.

This episode is sponsored by ThreatLocker.

Ransomware, supply chain attacks, and zero-day exploits can strike without warning, leaving your business' sensitive data and digital assets vulnerable.

But imagine a world where your cybersecurity strategy could prevent these threats.

That's the power of the ThreatLocker Zero Trust Endpoint Protection Platform.

Robust cybersecurity is a non-negotiable to safeguard organizations from cyber attacks.

ThreatLocker implements a proactive, deny-by-default approach to cybersecurity, blocking every action, process, and user unless specifically authorized by your team.

This least privilege strategy mitigates the exploitation of trusted applications and ensures 24/7/365 protection of your organization.

The core of ThreatLocker is its Protect Suite, including application allowlisting, ringfencing and network control.

Additional tools like ThreatLocker Detect EDR, storage control, elevation control and configuration manager enhance your cybersecurity posture and streamline internal IT and security operations.

To learn more about how ThreatLocker can help mitigate unknown threats in your digital environment and align your organization with respected compliance frameworks, visit ThreatLocker.com.

That's ThreatLocker.com.

This episode is sponsored by Kinsta.

I've launched a bunch of websites in the past and it's always a challenge.

Have you ever configured a web server from scratch and then tried to fine tune it?

You might get it going, but then it might crash two months later and then you've got to spend hours troubleshooting why it's down.

Kinsta doesn't want to see you tearing your hair out trying to bring your site to life.

No. Kinsta's team of experts are there to manage hosting for your WordPress site.

They've bundled up all the essentials to make sites stress-free with speeds that'll wow your visitors, enterprise-level security, and a dashboard so intuitive, you'll wonder why everything isn't this easy.

If your entire business is online, you cannot afford to lose customers to a website that performs badly.

Reliable uptime is a must, and Kinsta is there to provide you peace of mind.

Heard of TripAdvisor, NASA, Indeed?

They are among the 120,000 businesses that trust Kinsta with their WordPress sites.

Tired of being your own hosting support team?