Is this new zero-day dark market the real deal?

Dark Web

Yet another dark web market has emerged to fill the gap left by demise of the Silk Road and Silk Road 2, or at least that's the way it would appear with concern within the security industry over the discovery of TheRealDeal Market.

Just like the now infamous, and deceased, Silk Road markets TheRealDeal operates within the Tor network space to supposedly stay under the radar and provide anonymity for those who trade within it. Unlike the Silk Road incarnations though, TheRealDeal isn't primarily concerned with the sale of illegal drugs, instead it is concentrating on the trade in zero-day exploit code. That isn't to say there are no drugs, weapons and stolen credit card data sets for sale, but rather these are not the main focus of the site.

What this means is that you will find ready to roll exploit code which targets (according to the seller) the recently revealed MS15-034 Microsoft IIS Remote Code Execution vulnerability and is being sold with the necessary research data to enable the purchaser to put it to bad use. Another exploit already up and on offer includes zero-day code claiming to target remote database objects in the Apple iCloud, and another exploiting Android's WebView browser.

The creators of TheRealDeal Market claim it has come about in direct response to the number of dark websites which have emerged during the past few years which don't actually have anything of value to sell and are just scams. In order to prevent scams, the site operators have transaction fees and a multi-signature escrow model which requires two out of the buyer, seller and site admin parties to sign off a deal before money becomes available for transfer.

Operating for approximately a month now, TheRealDeal doesn't actually appear to be anything that new. After all, it still relies upon the Tor network and Bitcoin for anonymous trading. Both of which could prove to be its downfall, as neither prevented law enforcement from infiltrating and ultimately shutting down previously highly successful dark markets. The move away from drugs and weaponry might be seen as a tactic to avoid the attention of such law enforcement by some, however the reality is that by acting as a broker for premium zero-day code exploits the radar will be just as powerfully focused upon them.

Such places will always exist while there is a market for cyber criminals looking to purchase exploits, which can be hugely profitable; and it's this profitability question that makes me wonder if TheRealDeal is really anything to worry about. Take that iCloud exploit I mentioned earlier, which is selling for the equivalent of 11,000. Now that may seem a reasonable return, however, consider that the 'market value' of such an exploit (according to industry experts) would be in excess of 75,000 and you either have a real bargain or a scam on the table. Indeed, at that kind of asking price, assuming that's for a one off sale rather than an any takers kind of deal which would dilute the worth very quickly indeed to a serious criminal, the author of the exploit code would surely do better to approach the vendor and claim a security bug bounty.

Even if this dark market is 'the real deal' there remains another hurdle which could prove even harder to vault and that's the not too small matter of trust. With undercover FBI agents proving to be the downfall of The Silk Road, and plenty of increasingly more believable conspiracy theories regarding just how anonymous the Tor network is, trust has to be top of the agenda for potential dark traders. Indeed, there is already some discussion on both sides of the IT security fence as to whether TheRealDeal is in fact a law enforcement sting operation.

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at