
A fake hitman, a kill list, a darknet vigilante, and a murder - Tomte
https://www.wired.co.uk/article/kill-list-dark-web-hitmen
======
pjc50
Another possible moral is _don 't be a freelance security researcher as a
hobby_. You should at least get paid for it and get some organisational cover
- not only are you potentially at risk of crossing organised crime, but you
can very easily be framed and end up raided by the police.

~~~
JackFr
> Another possible moral is don't be a freelance security researcher as a
> hobby. You should at least get paid for it and get some organisational cover
> - not only are you potentially at risk of crossing organised crime, but you
> can very easily be framed and end up raided by the police.

Alternate reading -- the best way to extricate yourself from a dark web scam
is to pose as a freelance security researcher as a hobby and turn on your co-
conspirators. Explains why you have admin access to the the site and all its
email correspondence when the police come looking for you.

~~~
21
Except this guy had proof that he contacted law enforcement multiple times and
provided them with data (which they mostly ignored).

~~~
JackFr
Yeah - when you get cold feet that’s how you inoculate yourself.

“I got this stuff cause I’m a random security analyst, not cause I’m an admin
for the site”

------
Eliezer
You so rarely run into a news story that considers a genuinely difficult
ethical question. I think I’d say that it’s morally wrong to run a scam hit
darksite to steal money from people who want assassins, but it is not obvious.
Especially when you consider the larger point that the existence of scams like
this one make it harder for a real service to pop up.

~~~
rurp
There is research showing that suicide rates increase with greater access to
easy methods(ie. guns). My guess would be that murders work much the same way.
Planning and executing a murder is difficult, signing up for a website and
sending bitcoin is easy. I suspect that murder appearing more accessible
encourages more people to pursue it. Obviously a scammer won't pull off an
actual hit, but I worry that the person paying might be more willing to pursue
other methods after months of thinking about it and being led on by the
scammer.

~~~
SlowRobotAhead
A small argument here... where it seems you are misusing causality.

>There is research showing that suicide rates increase with greater access to
easy methods(ie. guns).

Saying that "access to guns" increases suicide is a very misleading statement
often used intentionally. As there is no concern for the opposite effect of
ownership nor any reasoning of cause vs effect. There are more defensive uses
of guns than misuses, including suicides according to the CDC. BUT...

To tie it to your argument... Does having access to internet CAUSE an increase
in murder for hire?

If we want to limit murder for hire - Should we ban Tor or encryption, should
be allow our civil rights to be removed because some people will misuse them?
By your wording especially-yes because these things are 'easy', it's just
signing up for a website and making a bitcoin transfer after all.

I question any line of thought that leads with _" this is bad because people
might misuse it"_ or that _" we should stop people thinking about something"_.

~~~
mattigames
> "this is bad because people might misuse it"

Well, that's the reason you can't buy a nuclear gun even if you have the money
it costs; because you "might misuse it" or maybe you just want it for a
collection, doesn't matter you can't have one; so its not as black as white as
some might believe.

~~~
SlowRobotAhead
That's a disingenuous argument. We're talking about guns and in a broader
sense encryption access as it pertains to the article. Which are two things
that have legitimate and defensive purposes.

Something like a "nuclear gun" or DDoS attack has no defensive purpose. In the
terms of firearms, you jumped to ordinance when the topic is about arms. I
hope you didn't do so intentionally.

~~~
mattigames
Ok you want to get really specific about guns, let's do that. The reason guns
are so popular for suicide is because it is immediate, unlike filling your car
with carbone dioxide (gas) or figuring out how to hang yourself. The
immediateness give suicidal people a lot less minutes to further consider
their decision, an minutes are very important in the case of these people,
specially when the decision hasn't been in their heads for years but only for
days meaning a emotional response to an traumatic event, for example that's
what happened to Katie Stubblefield, broke with his boyfriend then took his
brother's rifle and shot herself in the head at her parent's house, you see...
when you fail to kill yourself by hanging there is not pretty much any lasting
damages due such failed attempt, unfortunately for Katie the same cannot be
said for rifle shots, she was found by her mother with pretty much nothing
left of her face but lots of blood and exposed bone and still breathing; so
yeah, guns make the suicide issue a lot more complex for multiple reasons
while there is no upside for society, America would be pretty much the same if
after 1900 guns had been banned, of course you think otherwise, you give it
some emotional weight or some false protection purpose, given countries
without guns on their streets don't seem to be doing any worse.

~~~
SlowRobotAhead
People select effective tools, shocker.

>America would be pretty much the same if after 1900 guns had been banned

That’s a pretty massive leap. Maybe you can ignore the 500k-3M defensive gun
uses per year, maybe you can ignore the civil rights movement that was
furthered by blacks arming themselves - coincidentaly this is the roots of
modern gun control in the USA (a plan to keep “the wrong people” from owning
guns, still rooted in racism today), ignore the “rooftop Koreans”, ignore that
unlike Mexico to the tip of Chile that razor wire and bars on Windows isn’t
common in USA because the penalty for property crime can be death, ignore that
our military is the best in the world because of country boys that grew up
with positive gun culture, ignore all you like. You’re clearly not presenting
a factual argument with such a broad hypothetical.

Edit: I’ve already been sucked in to a silly line of thinking too much. The
point here isn’t that you’re scared or upset about the existence of guns. It’s
that we don’t get rid of things or stop people from thinking things because
someone might be bad. That’s not how a free society works.

~~~
mattigames
Your definition of "free society" is probably the problem here. In mine the
tools of violence play a non-existing role; for exactly the same reason they
don't get atomic bombs.

~~~
SlowRobotAhead
> In mine the tools of violence play a non-existing role;

Lol. When you have a problem, you’re going to call police, to bring a “tool of
violence”. You’re just being naive about who is ‘allowed’ to have a means of
defense.

If police are the only ones that can defend themselves from people like you -
you aren’t free, you are subservient. Aren’t the same people a threat to them,
a threat to you? Classes of nobility don’t seem very free to me.

But... you jumped to “nuclear gun”, so how much of a serious argument could I
expect from you?

~~~
mattigames
Ad hominem much. Bla bla you believe what you want in a civilized country the
only gun needed by the police may be a taser gun.

~~~
SlowRobotAhead
You’re right, I’m sorry, I didn’t realize you were literally a child,
mattigames.

>only gun needed by the police may be a taser gun

:D please tell me more about your experience with police and police training!
Then I’ll tell you mine where I’ve traveled around the country training and
training with police. Can’t wait.

EDIT: Nice job using a throwaway account to downvote my posts! Though you
should know that’s against the TOS here.

~~~
dang
Please don't do flamewars on HN, and especially don't cross into incivility
like you did here. That's a way to get banned on HN, but we'd much rather that
you take the spirit of this site to heart. Please see the links at
[https://news.ycombinator.com/item?id=18787962](https://news.ycombinator.com/item?id=18787962).

~~~
SlowRobotAhead
Absolutely my bad. I got sucked into it somehow despite it being clear the
topic was lost nearly right away.

~~~
dang
It happens to nearly all of us.

------
pvaldes
> A tall man in his thirties with thick sable hair, a short beard and deep-
> set, dark eyes, Monteiro ... [can be found doing this and that and also
> doing this in reddit and... ]...

Hey, This guy put a lot of effort trying to be anonymous and could have
serious problems if not, so lets describe him thoroughly in a public
e-journal!.

I hate when journalists do this.

~~~
mannykannot
At this point, he had already revealed probably-identifying information in an
interview with the Mirror newspaper. That same interview respected his
accomplice's desire for anonymity, so I don't think we can assume journalists
were at fault here.

This was after he was disturbed enough by receiving a video of a burning car
to go to the police. He seems to have a complex relationship with anonymity.

~~~
SlowRobotAhead
I think this and the rest of the article really only shows me that this guy
while technically prepared to be a security researcher - practically or
emotionally is not.

His buddies have the good sense to remain anonymous.

~~~
giancarlostoro
I think to some degree he tried, I'm still wondering if "bRspd" is the same
guy, anytime it talks about proper hacks / database dumps it blames whoever
bRspd is, and keeps him and Judge Judy out of it. It just seems a little too
coincidental. He should of published as an anonymous blogger (or more), and
then based his wiki work off that. Maybe purposely write in terrible English
in anoymous blogs.

------
danso
Pretty good write-up of the Allwine/"dogdaygod" case, which contains more
information about the husband's personal situation and subsequent trial:

[https://www.washingtonpost.com/news/morning-
mix/wp/2018/01/2...](https://www.washingtonpost.com/news/morning-
mix/wp/2018/01/25/a-church-elders-ashley-madison-affairs-led-him-to-the-dark-
web-and-murder-police-say/)

------
yawaworhtttt
I'm always wondering - how can people that are determined enough to access the
dark web and buy crypto, and willing to instigate a murder, fall for such
obvious scams? Do they really think the mafia hosts front sites for anyone to
browse and order through? What, do they think they give discounts and fidelity
cards as well?

~~~
jpatokal
Hitmen are an actual thing that exists, it's not crazy to expect them to be
available for hire via the dark web. In terms of legality and the consequences
of being caught, ordering a hit on someone is not _that_ different from
ordering a kilo of heroin, and the dark web facilitates that pretty well.
(Morality is, of course, another matter.)

~~~
pmart123
I'm sure there is a crazy world of high-end assassins given the incidents
involving Jamal Khashoggi, Viktor Yushchenko, Alexander Litvinenko, etc. But
from a business standpoint and morality aside, the "every person" assassin
almost seems as bad of a business model as the one high school kid who sells
fake ids. You have a bunch of one time customers, extremely high legal risks
versus the financial payoff, and a high likelihood of eventually getting
caught. With drugs, you have addicted, and therefore, repeat customers.

~~~
Moodles
Indeed, I would suspect that real hitmen usually aren’t full time hitmen as an
occupation. In the case of the highend examples you mention, they’re probably
ex special forces or spies for that country that usually don’t get asked to do
that, but do some other jobs for their paymasters. And most “hitmen” are
probably actually from extremely poor countries and live and work in gangs
doing all the usual gang illegal stuff in addition to doing hits (for
relatively low sums).

I think dark web hitmen are entirely scams, but I suppose if we can literally
buy heroin or crystal meth online from the dark web, it’s not entirely naive
to think aprori that hits could also be purchased. The reason they’re not is
probably that it’s actuslly extremely difficult to regularly perform hits in
the West, and probably not a great business model to scale on the dark web for
the average Joe who wants to pay only a few grand for a hit.

~~~
AndyMcConachie
Richard Kuklinski was a fulltime hitman. He had some other scams on the side,
but killing was his business. I suspect that when you're running a large
criminal enterprise you need people like Kuklinski on a kind of retainer
basis.

[https://en.wikipedia.org/wiki/Richard_Kuklinski](https://en.wikipedia.org/wiki/Richard_Kuklinski)

[https://www.youtube.com/watch?v=qpTDo4fUW4s](https://www.youtube.com/watch?v=qpTDo4fUW4s)

~~~
Moodles
> Richard Kuklinski was a fulltime hitman

The wikipedia page you linked says:

> Throughout his criminal life, Kuklinski was involved in narcotics,
> pornography, arms dealing, money laundering, collecting debts for loan
> sharking, hijacking and contract killing.

~~~
microtherion
Sounds like a full stack criminal to me.

------
rwmj
The British police really don't come out of this well. Not especially
surprising as they are also failing to do anything about rampant internet
fraud.

------
imhoguy
Excellent writing. The story, although real, has all elements to make a decent
thriller movie.

~~~
skilled
Was getting this vibe myself. Had to ask myself at the end of it -- and even
during -- why is this not a movie.

~~~
SlowRobotAhead
Well, the main character seems to be slightly bubbling in terms of keeping
himself anonymous, having keep records and contacts with police, appropriately
handling contacts with journalists, and the story only glances on the murder
of Bryon that is touched on twice and never resolved in the slightest making
me assume it’s tangentally related enough to add to the article title but
that’s about all.

I’m not sure _“amateur security researcher”_ makes a good story. Look at the
ethical question posed, some dude make upto millions on this scam, by taking
money from bad people, he by far isn’t the worst person in the story.

IDK. I see the real hero of the story here to be the two hackers that remained
anonymous through the story, because they had the good sense to make that a
priority.

------
coldcode
This could be the seed of a great movie. Hobbyist investigates "dark web"
sites and find a hitman site that seems like a scam, only to find it's really
much worse.

~~~
soylentgraham
A bit like the Mr Robot episodes with Craig Robinson (guess that needs a
spoiler alert, apologies!)

------
skilled
I almost want to make a joke saying that the moral of the story is not to get
married. Nevertheless, an excellent write-up and just as enticing of a story.

~~~
livueta
Although that's amusing, there's a pretty good real moral to this story:

> It appeared that Monteiro had been arrested on the basis of a misinformation
> campaign.

> There had been warning signs for a while, at least since the point at which
> Yura had threatened to expose him as a cop. In June 2016, when Monteiro
> hacked into Yura’s Gmail account, he had noticed that the scammer had
> created email addresses under the name of Chris Monteiro

Until I got to this point in the article, I hadn't realized that the initial
denunciation of the site[1] was done under _Monteiro 's real name_. This is a
good example of why messing with internet scumbags, even if they're pretty
clearly not actual mafia capos, is an activity best undertaken
pseudoanonymously (at the very minimum). Although what happened to Monteiro
was a bit nastier than usual skiddie fare, there are a _lot_ of ways, from
financial fraud to swatting, for someone who wishes you ill and possesses your
dox to seriously mess with your life.

Seems like Monteiro was too wrapped up in the acquisition of personal
notoriety to care about opsec. My intent isn't necessarily to victim-blame
Monteiro, but hopefully this episode will serve as a lesson to other well-
meaning but potentially naive vigilantes.

Some of the nasty stuff that's happened to Krebs[2] also falls into this
category. I guess in his case it's probably more of an intentional, aware-of-
the-risks tradeoff, but man, I don't think that's a deal I'd be willing to
make, especially since many such incidents don't end so peacefully[3].

\---

[1] [https://pirate.london/assassination-scams-the-next-
generatio...](https://pirate.london/assassination-scams-the-next-
generation-16faccef578e)

[2] [https://krebsonsecurity.com/2013/03/the-world-has-no-room-
fo...](https://krebsonsecurity.com/2013/03/the-world-has-no-room-for-cowards/)

[3] [https://arstechnica.com/tech-policy/2018/11/man-pleads-
guilt...](https://arstechnica.com/tech-policy/2018/11/man-pleads-guilty-to-
swatting-attack-that-lead-to-death-of-kansas-man/)

~~~
giancarlostoro
> Until I got to this point in the article, I hadn't realized that the initial
> denunciation of the site[1] was done under Monteiro's real name. This is a
> good example of why messing with internet scumbags, even if they're pretty
> clearly not actual mafia capos, is an activity best undertaken
> pseudoanonymously (at the very minimum). Although what happened to Monteiro
> was a bit nastier than usual skiddie fare, there are a lot of ways, from
> financial fraud to swatting, for someone who wishes you ill and possesses
> your dox to seriously mess with your life.

I hope he learned from "Judge Judy" to not expose his real identity.

------
0898
This guy hacks into a darknet "hire a hitman" site and downloads the target
list. Although the site is fake, he realises that the target list could help
pre-empt real murders.

~~~
talltimtom
He goes to the cops who ignore him, because they feel they have better things
to do then prevent What enda up being at least two murders.... then later the
bad guy buys some SEO and they raid the white-hats place because they think
he’s running the site..... the site he handed over to them already... the site
they didn’t care about. These cops don’t just seem incompetent, they seem
downright moronic.

~~~
JackFr
No, it's not quite that simple.

As presented by the journalist here, it makes sense to believe him. But
imagine seeing what Monteiro is presenting in real-time, with some reasonably
cautious skepticism. His computers contain the entire source of the hitman
site, he had admin capabilities of the site, enough to take it down. Even as
Yura created new sites Monteiro retained the ability to read all of the email
of the site. A reasonable reading of that, is that rather than a white knight,
it was just as likely he was a co-conspirator.

And frankly they shouldn't fully let go of that idea. The author seems willing
to take everything Monteiro says at face value, without an ounce of
skepticism. If Monteiro and Yura were a team and one got cold feet, how would
it play out, and how could one best cover his tracks?

~~~
SlowRobotAhead
>Even as Yura created new sites Monteiro retained the ability to read all of
the email of the site. A reasonable reading of that, is that rather than a
white knight, it was just as likely he was a co-conspirator.

Yes. I found this to be unbelievable.

Let’s say bad-admin uses an out of date Wordpress or join pa instance with
some security flaw. Am I really to beleive in 2 years he keeps using the same
instance every time his site is taken down?

That seems extremely unlikely.

If your hian site is taken down by some guy in London, you’re going to wonder
how; and probably assume it was some bad code on your end.

Dude keeps using the same code and keeps wondering how his site keeps getting
hacked - yet, knows enough to work SEO, get a guy SEATed, run an anonymous
darkwrv site, and handle crypto payments?

Sure seems odd.

------
gammateam
Just do a CTRL+F on "Njoroge" if you want to read more about the case in the
opening paragraph. The story doesn't circle back to that until WAYYYYY too
deep in this long form article.

I get the writing style, but it should give some closure to that much earlier
on.

------
mrdickbig
Unfiltered uploads AND sql injection? jeeeez...

