Analysis

Is this new zero-day dark market the real deal?

Davey Winder takes a look at the latest market to appear on the dark web and ponders whether it's a sting operation...

Yet another dark web market has emerged to fill the gap left by demise of the Silk Road and Silk Road 2, or at least that's the way it would appear with concern within the security industry over the discovery of TheRealDeal Market.

Just like the now infamous, and deceased, Silk Road markets TheRealDeal operates within the Tor network space to supposedly stay under the radar and provide anonymity for those who trade within it. Unlike the Silk Road incarnations though, TheRealDeal isn't primarily concerned with the sale of illegal drugs, instead it is concentrating on the trade in zero-day exploit code. That isn't to say there are no drugs, weapons and stolen credit card data sets for sale, but rather these are not the main focus of the site.

What this means is that you will find ready to roll exploit code which targets (according to the seller) the recently revealed MS15-034 Microsoft IIS Remote Code Execution vulnerability and is being sold with the necessary research data to enable the purchaser to put it to bad use. Another exploit already up and on offer includes zero-day code claiming to target remote database objects in the Apple iCloud, and another exploiting Android's WebView browser.

The creators of TheRealDeal Market claim it has come about in direct response to the number of dark websites which have emerged during the past few years which don't actually have anything of value to sell and are just scams. In order to prevent scams, the site operators have transaction fees and a multi-signature escrow model which requires two out of the buyer, seller and site admin parties to sign off a deal before money becomes available for transfer.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Operating for approximately a month now, TheRealDeal doesn't actually appear to be anything that new. After all, it still relies upon the Tor network and Bitcoin for anonymous trading. Both of which could prove to be its downfall, as neither prevented law enforcement from infiltrating and ultimately shutting down previously highly successful dark markets. The move away from drugs and weaponry might be seen as a tactic to avoid the attention of such law enforcement by some, however the reality is that by acting as a broker for premium zero-day code exploits the radar will be just as powerfully focused upon them.

Such places will always exist while there is a market for cyber criminals looking to purchase exploits, which can be hugely profitable; and it's this profitability question that makes me wonder if TheRealDeal is really anything to worry about. Take that iCloud exploit I mentioned earlier, which is selling for the equivalent of 11,000. Now that may seem a reasonable return, however, consider that the 'market value' of such an exploit (according to industry experts) would be in excess of 75,000 and you either have a real bargain or a scam on the table. Indeed, at that kind of asking price, assuming that's for a one off sale rather than an any takers kind of deal which would dilute the worth very quickly indeed to a serious criminal, the author of the exploit code would surely do better to approach the vendor and claim a security bug bounty.

Even if this dark market is 'the real deal' there remains another hurdle which could prove even harder to vault and that's the not too small matter of trust. With undercover FBI agents proving to be the downfall of The Silk Road, and plenty of increasingly more believable conspiracy theories regarding just how anonymous the Tor network is, trust has to be top of the agenda for potential dark traders. Indeed, there is already some discussion on both sides of the IT security fence as to whether TheRealDeal is in fact a law enforcement sting operation. 

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020