$10000 in Bitcoin Can Buy You Zero-Day Exploits on the Dark Net

Bitcoin is the most used currency on the dark net. Dark net marketplaces continue to be one of the attractive places to procure illegal drugs and contraband. In addition to the usual fare, one can also buy zero-day exploits for the right price.

As the use of technology continues to expand, the number of cyberthreats are also on the rise. According to a leading science and technology magazine, one can find over 300 cyberthreats on the dark net every week. While it is not easy for a person to manually visit all the hacker forums and marketplaces across the internet and find these threats, a machine learning algorithm run by a computer can do it in a jiffy.

Zero-day exploits are malicious codes that take advantage of undetected software flaws before it becomes known to the developers and security experts. These zero-day exploits are deployed before the developers patch the vulnerability. Many times, these zero-day exploits go undetected for days or even months.

When a cybercriminal or a hacker comes across a zero-day vulnerability in any software, he/she will rather find ways to exploit it than report the flaw to developers. These zero-day exploits thus developed are sold on the dark net. Anyone interested in stealing money or data from computers running vulnerable software can pay the right price and use it for personal gains.

The Dyre Banking Trojan is a well-known zero-day exploit that took advantage of a critical vulnerability in Windows OS Vista, 7 and 8. The exploit was sold on the deep web for $15000 by an unknown seller. It was widely used by hackers to steal credit card information from infected computers.

A group of cyber security researchers from Arizona State University have created a machine learning algorithm that studies hacking forums and marketplaces on the deep web and dark net. It then extracts specific information related to hacking attacks while ignoring references to drugs and contraband. The algorithm becomes more efficient as it learns and currently it is capable of detecting as high as 300 cyberthreats a week.

Some of the significant zero-day exploits detected by the algorithm include an Android exploit and an Internet Explorer 11 exploit, available on sale for $20000 and $10000 respectively.

Progressive developments in technology is gradually making it hard for businesses on the dark net to operate as usual. Similar to the gradually disappearing ‘anonymity factor” of Bitcoin, the machine learning algorithm is capable of significantly reducing threats from zero-day exploits.

Ref: MIT Technology Review | Image: TrustWave