Slashdot Mirror
New Dark Web Market Is Selling Zero-Day Exploits
Sparrowvsrevolution writes Over the last month, a marketplace calling itself TheRealDeal Market has emerged on the dark web, with a focus on sales of hackers' zero-day attack methods. Like the Silk Road and its online black market successors like Agora and the recently defunct Evolution, TheRealDeal runs as a Tor hidden service and uses bitcoin to hide the identities of its buyers, sellers, and administrators. But while some other sites have sold only basic, low-level hacking tools and stolen financial details, TheRealDeal's creators say they're looking to broker premium hacker data like zero-days, source code, and hacking services, often offered on an exclusive, one-time sale basis.
Currently an iCloud exploit is being offered for sale on the site with a price tag of $17,000 in bitcoin, claiming to be a new method of hacking Apple iCloud accounts. "Any account can be accessed with a malicious request from a proxy account," reads the description. "Please arrange a demonstration using my service listing to hack an account of your choice." Others include a technique to hack WordPress' multisite configuration, an exploit against Android's Webview stock browser, and an Internet Explorer attack that claims to work on Windows XP, Windows Vista and Windows 7, available for around $8,000 in bitcoin. None of these zero days have yet been proven to be real, but an escrow system on the site using bitcoin's multisignature transaction feature is designed to prevent scammers from selling fake exploits.
Currently an iCloud exploit is being offered for sale on the site with a price tag of $17,000 in bitcoin, claiming to be a new method of hacking Apple iCloud accounts. "Any account can be accessed with a malicious request from a proxy account," reads the description. "Please arrange a demonstration using my service listing to hack an account of your choice." Others include a technique to hack WordPress' multisite configuration, an exploit against Android's Webview stock browser, and an Internet Explorer attack that claims to work on Windows XP, Windows Vista and Windows 7, available for around $8,000 in bitcoin. None of these zero days have yet been proven to be real, but an escrow system on the site using bitcoin's multisignature transaction feature is designed to prevent scammers from selling fake exploits.
This sounds like a honeypot to me..
The NSA already has all of the exploits. I fear them a lot more than some random hacker in China or Romania who's willing to buy one from this site.
Also, WordPress doesn't have vulnerabilities, WordPress *is* a vulnerability. It will not touch any servers I'm responsible for.
At first I realized even on the darknet, and for exploits, Apple commands a price premium. Hopefully the exploit is well polished and deserves this premium. Second, the site uses a multiple signature escrow system to assure an exploit is real. The presumption being the site is real and is not itself a means to pirate Bitcoin by them being put in escrow.
is down
before0day.com
is it really? i2p hmmmmm =]
you can celebrate any day all day.
All the researchers worth a damn already have the big customer's phone numbers in their cell phones.
many haxx
such pricez
w0w
I am pretty sure there have been sales of tools of all flavors on the "dark net" for some years. The fact that this has come to light just now is shocking. Botnets have been for sale for some time. Exploration Tools have been for sale for some time. Why not 0 Day exploits?
DRTFA, but then again, the way the subby pitched this, I don't care to. If your are going to tell me something new, put it in the description. If you are going to tell me something that has already known, don't bother telling me. I know the New York Times might not be aware of this, but this is SlashDot. We are not talking about people completely in the dark. Just don't go publish this in some political rag because we don't need Obama firing another half cocked executive order.