Slashdot Mirror
New Dark Web Market Is Selling Zero-Day Exploits
Sparrowvsrevolution writes Over the last month, a marketplace calling itself TheRealDeal Market has emerged on the dark web, with a focus on sales of hackers' zero-day attack methods. Like the Silk Road and its online black market successors like Agora and the recently defunct Evolution, TheRealDeal runs as a Tor hidden service and uses bitcoin to hide the identities of its buyers, sellers, and administrators. But while some other sites have sold only basic, low-level hacking tools and stolen financial details, TheRealDeal's creators say they're looking to broker premium hacker data like zero-days, source code, and hacking services, often offered on an exclusive, one-time sale basis.
Currently an iCloud exploit is being offered for sale on the site with a price tag of $17,000 in bitcoin, claiming to be a new method of hacking Apple iCloud accounts. "Any account can be accessed with a malicious request from a proxy account," reads the description. "Please arrange a demonstration using my service listing to hack an account of your choice." Others include a technique to hack WordPress' multisite configuration, an exploit against Android's Webview stock browser, and an Internet Explorer attack that claims to work on Windows XP, Windows Vista and Windows 7, available for around $8,000 in bitcoin. None of these zero days have yet been proven to be real, but an escrow system on the site using bitcoin's multisignature transaction feature is designed to prevent scammers from selling fake exploits.
Currently an iCloud exploit is being offered for sale on the site with a price tag of $17,000 in bitcoin, claiming to be a new method of hacking Apple iCloud accounts. "Any account can be accessed with a malicious request from a proxy account," reads the description. "Please arrange a demonstration using my service listing to hack an account of your choice." Others include a technique to hack WordPress' multisite configuration, an exploit against Android's Webview stock browser, and an Internet Explorer attack that claims to work on Windows XP, Windows Vista and Windows 7, available for around $8,000 in bitcoin. None of these zero days have yet been proven to be real, but an escrow system on the site using bitcoin's multisignature transaction feature is designed to prevent scammers from selling fake exploits.
Perhaps the vendors themselves should buy the exploits. Perhaps, it's not that different than a bounty program except for the fact that market pricing would determine the value of a vulnerability (and the lack of nobility in the mercernary nature of the process).
The danger the NSA presents is largely symbolic and philosophical.
The danger presented by script kitties and hackers is much more likely to actually effect your life and property.