When renting a hitman online goes horribly wrong

You might think looking up an illegal act online, and then visiting a website claiming to be all about doing said act, would be a huge mistake. Nobody would do this, right? Right?

It’s too wild to contemplate. You can barely move online for warnings about tracking or tracing. Even your web browser tells you when your activities aren’t hidden from your ISP or people running the network. As we’re about to see, lots of people simply don’t notice, or understand, such warnings. They just know they need someone to pay the price in a hurry.

As Europol said last week, some of the nastiest aspects in this realm lurk on the dark web – from threats of violence and exploitation, to drugs and criminal market services, they’re all there somewhere.

However…

Those folks I mentioned who don’t realise the massive problems they’re about to stumble into? They will go on the plain old internet and call up all manner of dubious sites and services without barely a second thought. Some will look for drugs. A few might want guns.

Others will take the elevator straight to the top floor of Disastrous Life Choices Incorporated.

Of websites and hitmen

A Michigan resident, Wendy Lynn Wein, has pleaded guilty and faces up to 9 years in prison for trying to have her ex-husband murdered via a hitman website. 

The hitman website was not in fact ready to cater to all her stealth assassination needs. It was a fakeout. Unbeknown to the would-be hitman hirer, she left a message of requirements along with a pseudonym.

This wasn’t enough to save her from the long arm of the law, however. The site owner contacted local law enforcement, and they sprang into action.

Shady meetings in a cafe might seem like a good idea, but probably not when the hitman sitting opposite you is an undercover detective. Wein explained what she wanted doing, and told the detective the potential victim’s work/home address and work schedule. She also offered up to $5,000 for the dirty deed, and then to seal the “Oh no, what have you done” deal handed over $200 as a downpayment.

A land of domain confusion: Part 1

I thought it’d be interesting to trace the legacy of the hitman website. How long had it been around for? Was it always used in this way? Unfortunately, things took a strange turn after digging into the URL mentioned on some news sites.

What I assumed was the hitman site has been around since at least 2004. Back then, it was redirected to a .(ru) domain. After that, it seems to have alternated between a blank page or one of those ad-laden search portals when the owner isn’t making use of the URL or it’s expired. It seems to have remained like that all the way up to the last couple of years. The final entry for the site on Internet Archive still shows an unused domain as recently as 2018.

There is no archiving of its most recent incarnation, most likely because the owner set it to not be indexed in some way (or it didn’t get scraped by the Archive’s crawlers in time).

Or, at least, that’s what I thought. Multiple news portals list the domain as rent-a-hitman(dot)com. That’s the URL I’ve just been describing via Internet Archive.

Guess what? That’s the wrong website!

A land of domain confusion: part 2

One news portal references some of the text from the alleged website and mentions a “point and click solution”, along with the site being compliant with the “Hitman Information Privacy and Protection Act of 1964”. This is a jokey reference to HIPPA, which many but the most observant of visitors would miss.

If you go hunting for this in various search engines, it returns the website rentahitman(dot)com. Notice the lack of hyphens! This is definitely the correct website.

It contains not only the HIPPA joke above, but lots of other fun features including a “merchandise coming soon” banner, the claim of more than “17,985 US based field operatives”, and the wonderful statement that “The dark web is not safe, but RAH is”. They even throw in a “Capisce”, just to stress the silliness of it all.

I did chuckle at the classic “Has your credit card been stolen on the internet” ad on the front page, complete with a fake card number entry box which simply redirects to the Internet Crime Complaint Center.

A slight diversion, then, but a good cautionary tale to make sure the URLs referenced in the news are the right ones. This seems even more important when talking about websites which may or may not provide assassination services.

The genesis of Rent A Hitman

How and why did this website come to be, you may ask. Well, this tale stretches back to at least July 2019. The creator, Bob Innes, set it up as a play on words (website page visit “hits”, as opposed to baffling acts of murder). After a while he had no use for it, and nobody wanting to purchase the URL. He bought the domain in 2005, so weirdly it isn’t that far off from the domain wrongly flagged as the genuine Rent a Hitman site.

Soon finding his email buried (best choice of words?) in hundreds of assassination requests, he took action on one in particular which seemed pretty insistent about having someone killed. A quick conversation with a law enforcement friend and an arrest later, and Rent a Hitman was suddenly in business as the Anti-Hitman Hitman Portal. Or something along those lines.

You’d think being so overt about the joke-laden website would ruin the objective of “save lives by preventing murders” and yet, as he notes, the requests keep rolling in. He’s able to direct dubious requests to law enforcement, and highlight how easily people will turn to bad actions at the same time.

That’s quite the talent, and it’s one we hope Bob will keep on using for a long time to come.

The post When renting a hitman online goes horribly wrong appeared first on Malwarebytes Labs.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source