Digital ‘Arms Trade’ Flourishing In The ‘Back Alleys Of Cyberspace’; New Dark Web Market Is Selling Zero-Day Exploits To Hackers — A Place Where A ‘Dr. No’ In Cyber Space May Emerge


     Andy Greenberg, writing in the April 17, 2015 edition of WIRED, warns that hackers are getting new weapons for their cyber space arsenal, as a Dark Web market is selling zero-day exploits to hackers.  “Hackers for years have bought and sold their secrets in a de facto gray market for zero-day exploits — intrusion techniques for which no software patch [currently] exists.  Now,” Mr. Greenberg warns, “a new [digital] marketplace hopes to formalize that digital arms trade…in a setting where it could flourish: under cover of the Dark Web’s anonymity protections.”

     “Over the last month,” Mr. Greenberg notes, “a dark net marketplace calling itself TheRealDealMarket has emerged, focusing on brokering hackers’ zero-day attack methods.  Like the Silk Road and its online black-market successors, TheRealDeal uses the anonymity software Tor and the digital currency Bitcoin — to hide the identities of its buyers, sellers, and administrators.  But, while some other sites have sold only basic, low-level hacking tools, and stolen financial details, TheRealDeal’s creators say they’re looking to broker premium hacker data…like highly sought after zero-days, source code, and hacking services.  In some cases, these are offered on an exclusive, one-time basis.”

     “Welcome….We originally opened this market in order to be a ‘code-market,’ where rare information and code can be obtained,” reads a message from the site’s anonymous administrators.  “Completely avoid the scam/scum, and enjoy real-code, real information, and real products.”

     “So far, the market doesn’t offer many exploits for sale; but, the few it does list…appear significant,” Mr. Greenberg observes:  One, with a price-tag of $17K in bitcoin, claims to be a new method of hacking Apple iCloud accounts.  “Any account can be accessed with a malicious request from a proxy account,” reads the description.  “Please arrange a demonstration, using my service listing to hack an account of your choice,” the digital advertisement goes.

     “Others include a technique to hack WordPress’ multi-site configuration, an exploit against Android’s Webview stock browser, and an Internet Explorer attack that claims to work on Windows XP, Windows Vista, and Windows 7, available for around $8K in bitcoin,” Mr. Greenberg writes.  “Found two ago by fuzzing,” the seller writes, referring to an automated method of testing a program against random samples of junk data, to see when it crashes.  “0day, but might be exposed, can’t really tell without risking a lot of money,” he or she adds.  “Willing to show a demo the usual ways, message me — but, don’t waste my time!”

     “Apple, Google, WordPress, and Microsoft hadn’t responded to WIRED’s request for comment at the time of publication,” Mr. Greenberg writes.

     “To be clear,” Mr. Greenberg notes, “none of the exploits listed on the site have been confirmed to actually work (and WIRED hasn’t found a legal way to test them).  Any of the listings could instead….be attempts to scam gullible buyers.  The $17K iCloud vulnerability in particular, which claims to offer access to virtually all of a user’s sensitive mobile data — including emails and photos — seems like an unusually good bargain.  For comparison, zero-day salesmen told me [Mr. Greenberg], in 2012, that a working iOS exploit could sell for as much as $250K.  The next year, The New York Times reported that one had sold to a government for a half million dollars.”

     “But, TheRealDeal does offer countermeasures against fraud,” Mr. Greenberg notes.  “Like the Silk Road and its ilk, it asks that all bitcoin transactions through the site be kept in escrow, so the payment can be returned to the buyer, if the seller doesn’t deliver.  And, unlike most Dark Web markets, it allows only so-called multi-signature transactions.  That means the bitcoins are held at an address jointly controlled by the buyer, the seller, and the market’s admins.  For the money to be moved to the seller’s account, two out of three of those parties must sign off on the deal, giving the administrators the tie-breaking vote to resolve disputes.  (Despite that system, it’s still not clear exactly how those disputes would be resolved.  In many cases, TheRealDeal admins would likely have to test exploits themselves, to know if a buyer had been scammed.)”

     “TheRealDeal goes further than many past markets in attempting to assuage its users’ fears that the market itself might attempt to steal their bitcoins.  Though it collects a fee on every transaction (3 percent, or .1 bitcoin, depending on the size of the sale) it never asks the user to store their bitcoins in a [digital] wallet controlled by the market itself.  Therefore, it can’t pull the sort of “exit scam” that other markets like SheepMarketplace and, more recently, Evolution have, abruptly shutting down and absconding with millions of dollars’ worth of users’ coins.  “We don’t have a wallet, we don’t want your coins, and want to assure you that we will not run away with your coins one day,” the site’s FAQ reads.”

     “Just who’s running TheRealDeal is, as with most Dark Web markets, a mystery,” Mr. Greenberg wrote.  “An administrator didn’t immediately respond to WIRED’s requests for an interview, and the site’s creators describe themselves only as experts in information security — with a background in zero-day sales.”  “We consist of 4 partners, who have a lot of experience in infosec,” they wrote in an anonymous Q&A with the Dark Web blog DeepDotWeb.

     “We have a lot of experience dealing in the [unencrypted, traditional Internet], when it comes to 0day exploit code, databases, and so on…..But, the problem is that 90 percent of these dealers are scammers.  People with a lot of experience can always do their best to determine if what they are buying is really based on technical information and demos; but, some of these “vendors” are very clever and very sneaky.  We decided it would be much better if there was a place people can trade such pieces of information and code, combined with a system that will prevent fraud — and, also provide [a] high degree of anonymity.”

     “TheRealDeal’s creators aren’t the first to try bringing this gray market economy online,” Mr. Greenberg writes.  “A website called WabiSabiLabi launched in 2007, with the aim of becoming an eBay for exploits.  But, the business soon surrendered that notion, due in part to sellers’ inability to prove the validity of their exploits — without fully revealing them.  Despite all its multi-signature protection and escrow system, TheRealDeal could face a similar problem,” Mr. Greenberg concluded.  “Unlike other players in the zero-day industry, however, TheRealDeal doesn’t face the added hurdle of trying to keep its sales legal, and ethical.  Companies like the French hacking firm Vupen, by contrast, argue that they sell their zero-day vulnerabilities only to NATO governments or allies.  Zero-day sales have become a lucrative underground trade in recent years, with government intelligence and law enforcement agencies often the highest bidders.  Those buyers might be turned off by TheRealDeal’s approach of using Tor and bitcoin to obscure sellers’ identities.  But, that anonymity instead….enables a “no-questions-asked” system that could draw a customer base of cyber criminals, or authoritarian regime hackers.”

     “If there were any remaining question about TheRealDeal’s legality, the site also sells a variety of money laundering services, stolen accounts, and drugs.  Its zero-day sales are the only featured items, in an otherwise anything-goes smorgasbord…that includes everything from stolen identities, to LSD and amphetamines.”

     “In fact,” Mr. Greenberg writes, “TheRealDeal represents the Dark-Web economy’s continued progression towards a true, lawless free market.  The Silk Road, though it tolerated some simple and easily obtained hacking tools, generally enforced a policy of only “victimless” crime.”  “TheRealDeal has no such restrictions.  Its rules ban only child pornography and, strangely, services that offer “doxing,” the posting of specific users’ private information.  But victims, if its anonymous form of zero-day sales catches on, will just be another part of the business model.”

If The Dark Web Were A Country — We Would Call It A ‘Failed State,’ And Ungoverned Territory

     The Dark Web truly is the ‘place,’ where cyber militias, cyber patriots, the off-the-grid types, cyber thieves, pedophiles, murderers, terrorists, and yes — intelligence and law enforcement types — congregate.  It is a place where cyber thieves and cyber sleuths ply their wares; and, where this digital ‘ungoverned’ territory is expanding.  And, thanks in part to Edward Snowden, it is a place where the Islamic State and jihadists seek ‘digital sanctuary,’ in an attempt to avoid the prying eyes of intelligence and law enforcement.  And, it might just be a place where a Dr. No in cyber space — emerges.  V/R, RCP

