Hackers Shop for Vulnerabilities at Online Black Markets
Just like Silk Road (the illegal online black market designed to smuggle drugs around the world), there exists an online trade for zero-day exploits. Unsurprisingly, hackers find it exceptionally lucrative to sell these exploits for profit. Now, there’s a new marketplace where hackers can get their hands on these vulnerabilities, and it’s all thanks to the anonymity of the Darknet.
The marketplace in question, according to WIRED magazine, is known as TheRealDeal Market. Similar to other questionable online marketplaces, it takes advantage of Tor, an anonymity software that masks the identity of all users and administrators, and the cryptocurrency Bitcoin. However, WIRED specifically mentions that TheRealDeal differs in the sense that it’s attempting to provide rare, high-quality code rather than stolen credentials and hacking tools. This essentially transforms TheRealDeal into a “code market” of sorts, where hackers can turn to in order to find code that’s either difficult to find, or is simply worth more to the upper ring of cybercriminals.
Of course, there’s no telling whether any of these supposed exploits being sold are “the real deal.” According to WIRED:
Any of the listings could instead be attempts to scam gullible buyers. The $17,000 iCloud vulnerability in particular, which claims to offer access to virtually all of a user’s sensitive mobile data including emails and photos, seems like an unusually good bargain. For comparison, zero-day salesmen told me in 2012 that a working iOS exploit could sell for as much as $250,000. The next year The New York Times reported that one had sold to a government for a half million dollars.
So, for all we know, these might be scammers who are out to steal from would-be hackers. Ironically, TheRealDeal appears to have some sort of fraud protection system put into place, though it’s unclear how it works. Despite this, it’s clear that the market’s practices are questionable at best; especially because they sell other contraband under the radar, including stolen identities, LSD, and amphetamines.
This behavior is deplorable, but in a way, it’s somewhat innovative. If this tells us anything, it’s that the buying and selling of online exploits is becoming a serious, organized business. With rare code becoming more accessible (for the right price, of course), hackers will be able to take advantage of it more often. This makes protecting yourself from advanced threats more important than ever before.
Comprehensive security measures are necessary to make sure that your systems are always up to date and effectively preventing threats from accessing your information. This is precisely what our Unified Threat Management (UTM) solution accomplishes. Through use of antivirus software, firewall, content filtering, and spam blocking measures, your network can stay as secure as possible. Reach out to us at 603-889-0800 to learn more.