16:55 GMT08 March 2021
Listen Live
    Get short URL
    0 33

    Hackers are now turning to a Dark Web marketplace called TheRealDeal Market to buy and sell zero-day exploits, codes they use to take advantage of software vulnerabilities that manufacturers do not yet know exist.

    TheRealDeal Market, which has emerged over the past month, focuses on brokering zero-day attack methods, Wired reported. Just like Silk Road before it, the site uses the anonymity software Tor and the digital currency bitcoin to hide the identities of its buyers, sellers, and administrators.

    "Welcome…We originally opened this market in order to be a 'code market'—where rare information and code can be obtained," reads a message from the site's anonymous administrators. "Completely avoid the scam/scum and enjoy real code, real information and real products."

    Among the services listed are a hack for Apple iCloud accounts, as well as attacks against WordPress, Android, and Windows.

    "Any account can be accessed with a malicious request from a proxy account," reads the description of the iCloud hack. "Please arrange a demonstration using my service listing to hack an account of your choice."

    The iCloud hack, which claims to offer access to virtually all of a user's sensitive mobile data including emails and photos, would be a steal at $17,000, Wired points out. Wired reported in 2012 that a working iOS exploit could sell for as much as $250,000. The next year, the New York Times reported that one had sold to a government for $500,000.

    And while the drastically reduced price tag found on the TheRealDeal could make a buyer wonder if it is a scam, the site offers countermeasures against potential fraud.

    Bitcoins are held at an address jointly controlled by the buyer, the seller, and the market's admins, Wired reported. For the money to be moved to the seller’s account, two out of three of those parties must sign off on the deal, giving the administrators the tie-breaking vote.

    The site’s creators, whose identities remain a mystery, wrote in an anonymous Q&A with the Dark Web blog DeepDotWeb:

    "We have a lot of experience dealing in the [unencrypted, traditional internet] when it comes to 0day exploit code, databases and so on.. But the problem is that 90% of these dealers are scammers.

    "People with a lot of experience can always do their best to determine if what they are buying is real based on technical information and demos but some of these 'vendors' are very clever and very sneaky.

    "We decided it would be much better if there was a place where people can trade such pieces of information and code combined with a system that will prevent fraud and also provide high anonymity."

    TheaRealDeal still faces the same hurdles as exploit-trading sites that came before it and folded, including sellers' inability to prove the validity of their exploits without fully revealing them.

    One obstacle not in TheRealDeal's path is the law. Unlike hacking firms that sell zero-day vulnerabilities only to governments or law enforcement, TheRealDeal is a marketplace for anyone searching to buy exploits, as well as money laundering services, stolen accounts, and drugs – other goods sold on the site that confirm its illegality.

    software, zero-day vulnerabity, zero-day exploit, hackers, dark web, Silk Road, Microsoft, Google, Apple
    Community standardsDiscussion