Analysis

Is this new zero-day dark market the real deal?

Davey Winder takes a look at the latest market to appear on the dark web and ponders whether it's a sting operation...


Yet another dark web market has emerged to fill the gap left by the demise of the Silk Road and Silk Road 2, or at least that is how it would appear, with concern within the security industry over the discovery of TheRealDeal Market.

Just like the now infamous, and deceased, Silk Road markets, TheRealDeal operates within the Tor network space to supposedly stay under the radar and provide anonymity for those who trade within it. Unlike the Silk Road incarnations, though, TheRealDeal isn't primarily concerned with the sale of illegal drugs; instead, it is concentrating on the trade in zero-day exploit code. That isn't to say there are no drugs, weapons and stolen credit card data sets for sale, but rather that these are not the main focus of the site.

What this means is that you will find ready-to-roll exploit code which targets (according to the seller) the recently revealed MS15-034 Microsoft IIS Remote Code Execution vulnerability and is being sold with the necessary research data to enable the purchaser to put it to bad use. Other exploits already up and on offer include zero-day code claiming to target remote database objects in the Apple iCloud, and another exploiting Android's WebView browser.

The creators of TheRealDeal Market claim it has come about in direct response to the number of dark websites which have emerged during the past few years which don't actually have anything of value to sell and are just scams. In order to prevent scams, the site operators have transaction fees and a multi-signature escrow model which requires two out of the buyer, seller and site admin parties to sign off a deal before money becomes available for transfer.

Operating for approximately a month now, TheRealDeal doesn't actually appear to be anything that new. After all, it still relies upon the Tor network and Bitcoin for anonymous trading, both of which could prove to be its downfall, as neither prevented law enforcement from infiltrating and ultimately shutting down previously highly successful dark markets. The move away from drugs and weaponry might be seen by some as a tactic to avoid the attention of such law enforcement; however, the reality is that by acting as a broker for premium zero-day code exploits, the radar will be just as powerfully focused upon them.

Such places will always exist while there is a market for cyber criminals looking to purchase exploits, which can be hugely profitable; and it's this profitability question that makes me wonder if TheRealDeal is really anything to worry about. Take that iCloud exploit I mentioned earlier, which is selling for the equivalent of 11,000. Now that may seem a reasonable return; however, consider that the 'market value' of such an exploit (according to industry experts) would be in excess of 75,000 and you either have a real bargain or a scam on the table. Indeed, at that kind of asking price, assuming that's for a one-off sale rather than an any-takers kind of deal, which would dilute the worth very quickly indeed to a serious criminal, the author of the exploit code would surely do better to approach the vendor and claim a security bug bounty.

Even if this dark market is 'the real deal', there remains another hurdle which could prove even harder to vault, and that's the not-too-small matter of trust. With undercover FBI agents proving to be the downfall of The Silk Road, and plenty of increasingly believable conspiracy theories regarding just how anonymous the Tor network is, trust has to be top of the agenda for potential dark traders. Indeed, there is already some discussion on both sides of the IT security fence as to whether TheRealDeal is in fact a law enforcement sting operation.
