Analysis

Is this new zero-day dark market the real deal?

Davey Winder takes a look at the latest market to appear on the dark web and ponders whether it's a sting operation...

Yet another dark web market has emerged to fill the gap left by the demise of the Silk Road and Silk Road 2, or at least that's the way it would appear, with concern within the security industry over the discovery of TheRealDeal Market.

Just like the now infamous, and deceased, Silk Road markets, TheRealDeal operates within the Tor network space to supposedly stay under the radar and provide anonymity for those who trade within it. Unlike the Silk Road incarnations, though, TheRealDeal isn't primarily concerned with the sale of illegal drugs; instead it is concentrating on the trade in zero-day exploit code. That isn't to say there are no drugs, weapons and stolen credit card data sets for sale, but rather that these are not the main focus of the site.


What this means is that you will find ready-to-roll exploit code which targets (according to the seller) the recently revealed MS15-034 Microsoft IIS Remote Code Execution vulnerability and is being sold with the necessary research data to enable the purchaser to put it to bad use. Other exploits already up and on offer include zero-day code claiming to target remote database objects in the Apple iCloud, and another exploiting Android's WebView browser.


The creators of TheRealDeal Market claim it has come about in direct response to the number of dark websites which have emerged during the past few years which don't actually have anything of value to sell and are just scams. In order to prevent scams, the site operators have transaction fees and a multi-signature escrow model which requires two of the three parties (buyer, seller and site admin) to sign off a deal before money becomes available for transfer.


Operating for approximately a month now, TheRealDeal doesn't actually appear to be anything that new. After all, it still relies upon the Tor network and Bitcoin for anonymous trading, both of which could prove to be its downfall, as neither prevented law enforcement from infiltrating and ultimately shutting down previously highly successful dark markets. The move away from drugs and weaponry might be seen by some as a tactic to avoid the attention of such law enforcement; however, the reality is that by acting as a broker for premium zero-day code exploits, the site will find the radar just as powerfully focused upon it.

Such places will always exist while there is a market for cyber criminals looking to purchase exploits, which can be hugely profitable; and it's this profitability question that makes me wonder if TheRealDeal is really anything to worry about. Take that iCloud exploit I mentioned earlier, which is selling for the equivalent of 11,000. Now that may seem a reasonable return; however, consider that the 'market value' of such an exploit (according to industry experts) would be in excess of 75,000 and you either have a real bargain or a scam on the table. Indeed, at that kind of asking price, assuming that's for a one-off sale rather than an any-takers kind of deal, which would dilute the worth very quickly indeed to a serious criminal, the author of the exploit code would surely do better to approach the vendor and claim a security bug bounty.


Even if this dark market is 'the real deal', there remains another hurdle which could prove even harder to vault, and that's the not too small matter of trust. With undercover FBI agents proving to be the downfall of The Silk Road, and plenty of increasingly believable conspiracy theories regarding just how anonymous the Tor network is, trust has to be top of the agenda for potential dark traders. Indeed, there is already some discussion on both sides of the IT security fence as to whether TheRealDeal is in fact a law enforcement sting operation.
