How a Bitcoin Whitehat Hacker Helped the FBI Catch a Murderer
An ethical hacker breached the database of a phony darknet website offering hitman services and leaked the data. The information from the data dump helped the FBI in their investigation of a man who murdered his wife.
In November 2016, Stephen Carl Allwine, 47, of Cottage Grove, Minnesota, killed his wife in “one of the most bizarre cases ever seen,” police officers reported. The husband tried to mask the murder as a suicide, including putting a 9 mm pistol next to Amy Allwine’s elbow. However, detectives arriving on the scene identified the case as murder and collected evidence — mostly electronic devices, such as computers — belonging to Mr. Allwine. Later on, in January, investigators arrested and charged Mr. Allwine with second-degree murder based on the forensic evaluation of the confiscated electronic equipment.
In May 2016, a hacker called “bRpsd” breached the database of a controversial hitman service offered on a darknet website. The service, “Besa Mafia,” offered a link between customers and hitmen, who could register on the site anonymously. The price for a murder ranged between $5,000 and $200,000, but clients seeking to avoid fatalities could also hire a contractor to beat up a victim for $500 or set somebody’s car on fire for $1,000.
The hacker uploaded the data dump to a public internet website. The leaked files contained user accounts, email addresses, personal messages between the Besa Mafia admin and its customers, “hit” orders and a folder named “victims,” providing additional information on the targets.
The breach highlighted the fake nature of the website, which operated only to collect money from the customers. Chris Monteiro, an independent researcher who also hacked into the site, stated the owner or owners of Besa Mafia had made at least 50 bitcoins ($127,500 based on the current value of the cryptocurrency) from the scam operation.
According to a message posted by a Besa Mafia administrator and uncovered in the dump, “[T]his website is to scam criminals of their money. We report them for 2 reasons: to stop murder, this is moral and right; to avoid being charged with conspiracy to murder or association to murder, if we get caught.”
The leak of the Besa Mafia database helped the police investigating the murder of Mrs. Allwine. As the officers analyzed her husband’s devices, they discovered the suspect had accessed the dark web as early as 2014. Furthermore, investigators identified the pseudonym Mr. Allwine used on the darknet, “dogdaygod,” which was also linked to his email, “firstname.lastname@example.org,” in some cases. Detectives found bitcoin addresses in the conversations between Besa Mafia and Mr. Allwine, which linked the husband directly to the “dogdaygod” pseudonym, providing authorities with necessary evidence for the case.
Eventually, law enforcement agents analyzed the data dump bRpsd leaked and discovered Mr. Allwine’s email in the list. In addition, investigators found messages between the suspect and the Besa Mafia admin. According to a criminal complaint, Mr. Allwine paid between $10,000 to $15,000 to the supposed hitman service to kill his wife. The complaint detailed how Mr. Allwine had decided to have the hitman shoot Mrs. Allwine at close range and burn down the house afterward.
However, once the funds were transferred, the Besa Mafia communicator told Mr. Allwine that “local police [have] stopped the hitman [from] driving a stolen vehicle and taken [him] to jail prior to the hit,” thus rendering him unable to complete his “service.” The complaint cited Sergeant McAlister who reported that during that time, “no one was apprehended in Minnesota and western Wisconsin in a stolen vehicle and possession of a gun.”
It is likely that the ethical hacker’s data breach had an impact on Mr. Allwine’s case; on March 24, 2017, the Washington County District Court charged him with first-degree murder. In addition, officers have gathered more evidence in the case — a drug called scopolamine was discovered at 45 times higher than the recommended level in Mrs. Allwine’s body. Investigators subsequently discovered that her husband had also ordered the substance on the dark web.