Skip to content

TechRepublic

  • Top Products Lists
  • Developer
  • 5G
  • Security
  • Cloud
  • Artificial Intelligence
  • Tech & Work
  • Mobility
  • Big Data
  • Innovation
  • Cheat Sheets
  • TechRepublic Academy
  • CES
  • TechRepublic Premium
  • Top Products Lists
  • Developer
  • 5G
  • Security
  • Cloud
  • Artificial Intelligence
  • Tech & Work
  • Mobility
  • Big Data
  • Innovation
  • Cheat Sheets
  • TechRepublic Academy
  • CES
  • See All Topics
  • Sponsored
  • Newsletters
  • Forums
  • Resource Library
TechRepublic Premium
Join / Sign In
Security

Gallery: The top zero day Dark Web markets

By Dan Patterson January 9, 2017, 9:58 AM PST

Image
1
of 11

istockcreativaimages.jpg
istockcreativaimages.jpg
Gallery: The top zero day Dark Web markets

How zero day exploits are bought and sold

Getty Images/iStockphoto

How zero day exploits are bought and sold

Kapustkiy won’t buy malware, but the hacker claims to sell zero day exploits, software loopholes that allow attackers to exploit software and networks. “I can’t name the site I use, but I think that most hackers would use the same [sites],” he said. Kapustkiy is a young, ideologically driven hacker who frequently tunnels into government and corporate sites. “I hack for political reasons,” he said in translated, broken English, “but make money sometimes from selling hacks.”

Zero day exploits are a major profit center for many hackers and are at the heart of underground cyberwar ecosystem. Though bug bounty programs are a common white hat practice for major websites and software vendors, under the clearnet is a thriving Dark Web market for malicious code. Malware and software bugs can sell for tens or hundreds of thousands of dollars on the Dark Web.

SEE: IT leader’s guide to the blockchain (Tech Pro Research)

Zero day bugs are valuable because of the high stakes for victims. Bugs in Flash or Windows grant hackers easy access to corporate systems. Malware in the form of Stuxnet was allegedly developed and deployed by the United States and Israel to attack Iran’s nuclear program, and Sandworm was allegedly used by Russian hackers to attack NATO.

To hack a major foreign embassy Kapustkiy claimed, for example, he “started by scanning the websites from the [embassy] websites to see which were related to the [primary site]. I got a huge list of around 20 domains and I saw that all of them were running on the same server and also had the same vulnerability. So I found a exploit in the web-server and I managed to hack [several sites]. It was very simple because all of the websites were running on the same server.”

WATCH: New search engine exposes the Dark Web (CBS News)

Enterprise companies and SMBs are vulnerable to a similar attack, he said, and sensitive corporate data is frequently swiped then sold on the Dark Web. “I just found a SQL [hole] in the website,” Kapustkiy said, “nothing special. They fixed [the hole] but I could still manage to hack the website with social engineering. The administrator was still using the same password and I could get access to a lot of his personal information.”

The hackers and groups in the market for zero day exploits are as diverse as the code they’re selling. Each actor has different methods of exploitation and uses a variety of sites to offload code in exchange for Bitcoin. Though Dark Web malware markets tend to appear then vanish, these are ten of the most well-known and widely used hacker websites and forms.

Before you hop on Tor and begin poking around, novices and experts alike should remember to exercise care and caution when visiting the Dark Web. Though many of these sites return benign content, much of the Dark Web is NSFW. TechRepublic does not condone illegal or unethical activity. Offensive material can sometimes be just a click away. Browse at your own risk. Never break the law. Use the Dark Web safely, and for legal purposes only.

Use the green arrows above to swipe between gallery items.

Read more:

  • Zero Days: Why the disturbing Stuxnet documentary is a must-see (TechRepublic)
  • Interview with a hacker: S1ege from Ghost Squad Hackers (TechRepublic)
  • ‘Down the Deep Dark Web’ is a movie every technologist should watch (TechRepublic)
  • Dangers of the Deep, Dark Web (TechRepublic / IBM white paper)
  • Infographic and interview: The explosion of cybercrime and how to protect your business (TechRepublic)
  • Inside the secret digital arms race: Facing the threat of a global cyberwar (TechRepublic)
  • Cyberwar: The smart person’s guide (TechRepublic)
  • How the Dark Web works (ZDNet)
  • Online sales of illicit drugs triple since Silk Road closure (CNET)
Getty Images/iStockphoto
Gallery: The top zero day Dark Web markets

​0day.today

​0day.today

A multisignature market, 0day.today (links requires Tor) is one of the most well-known exploit markets. It is frequently used to buy and sell leaked data and zero day exploits by independent, institutional, and government hackers.

Gallery: The top zero day Dark Web markets

​0day.in

​0day.in

Another multisig market, 0day.in is frequented by the underbelly of black hat hackers.

Gallery: The top zero day Dark Web markets

​Zerodium

​Zerodium

Founded by Vupen Security, a hacking group that exclusively sells exploits to government clients, Zerodium hopes to break open the burgeoning Dark Web market by listing and selling the top exploits with a clean and easy-to-use interface.

Gallery: The top zero day Dark Web markets

​The Real Deal

​The Real Deal

The well-designed The Real Deal Dark Web market is as slick as it is ephemeral. The site is frequently down yet makes buying malicious code easy with an Amazon-like interface.

Gallery: The top zero day Dark Web markets

​Darkmarket

​Darkmarket

Darkmarket is a popular Dark Web market that sells thousands of digital items, including stolen credit card information, corporate documents, and personal data.

Gallery: The top zero day Dark Web markets

​Alphabay

Image: AlphaBay

​Alphabay

With over a quarter million listings, including drugs and other illicit material, Alphabay is one of the largest Dark Web markets in the world. Though a bit passe for hardcore hackers, tens of thousands of stolen corporate documents are available on Alphabay at dirt cheap prices.

Image: AlphaBay
Gallery: The top zero day Dark Web markets

​L33ter

​L33ter

L33ter is one of the oldest Dark Web markets. Though the site sells drugs and other illegal items, L33ter specializes in selling digital goods, hacker tools, and exploits

Gallery: The top zero day Dark Web markets

​Rutor

​Rutor

Rutor.org is a Russian forum that serves as the middleman between Trust on the Dark Web, and Rutor, a Russian hacking forum, providing a place where sellers and buyers communicate.

Gallery: The top zero day Dark Web markets

​Scan4you

​Scan4you

Scan4you is a clearnet market that specializes in selling botnets, hacking tools, and anti-malware software.

Gallery: The top zero day Dark Web markets

​Dream Market

​Dream Market

Dream Market is a Silk Road knock-off and sells everything from drugs to code to stolen corporate data.

  • Security
  • Account Information

    Share with Your Friends

    Gallery: The top zero day Dark Web markets

    Your email has been sent

Share: Gallery: The top zero day Dark Web markets
Image of Dan Patterson
By Dan Patterson
Dan is a writer, reporter, and producer. He is currently a reporter for at CBS News and was previously a Senior Writer for TechRepublic.
  • Account Information

    Contact Dan Patterson

    Your message has been sent

  • |
  • See all of Dan's content

TechRepublic Premium

  • TechRepublic Premium

    Media disposal policy

    PURPOSE This Media disposal policy from TechRepublic Premium provides specific instructions for ensuring organization data is properly protected when disposing of old storage media. From the policy: POLICY DETAILS When disposing of damaged, unusable, obsolete, off-lease, decommissioned, old, or end-of-service-life equipment and media, the organization requires that the guidelines outlined herein be followed: Hard drives, ...

    Published:  March 30, 2023, 12:00 PM EDT Modified:  March 31, 2023, 11:06 AM EDT Read More See more TechRepublic Premium
  • TechRepublic Premium

    IT email templates: Upcoming software release

    PURPOSE To take some of the effort out of writing (and rewriting) emails to share with company staff and executives, TechRepublic Premium has assembled basic templates to handle the most common types of communications. Simply copy the text into your favorite word processor and customize it to fit your needs. Then, paste it into an ...

    Published:  March 30, 2023, 12:00 PM EDT Modified:  March 31, 2023, 11:29 AM EDT Read More See more TechRepublic Premium
  • TechRepublic Premium

    Mobile app development policy

    PURPOSE The purpose of this policy from TechRepublic Premium is to provide guidelines for developing mobile applications from a security, procedural and best practices standpoint. While it contains technical guidelines, it is not intended to serve as a programming guide but as a framework for operations. This policy can be customized as needed to fit ...

    Published:  March 29, 2023, 12:00 PM EDT Modified:  March 30, 2023, 4:43 PM EDT Read More See more TechRepublic Premium
  • TechRepublic Premium

    New client audit checklist

    PURPOSE This checklist from TechRepublic Premium provides a method for auditing and documenting a client site and assembling an inventory of systems and software, as well as giving you a framework for developing recommendations, applying costs to them, and storing all that information in one file. Tracking client contact details, circuit information, network equipment, cloud ...

    Published:  March 29, 2023, 12:00 PM EDT Modified:  March 30, 2023, 4:54 PM EDT Read More See more TechRepublic Premium

Services

  • About Us
  • Newsletters
  • RSS Feeds
  • Site Map
  • Site Help & Feedback
  • FAQ
  • Advertise
  • Do Not Sell My Information

Explore

  • Downloads
  • TechRepublic Forums
  • Meet the Team
  • TechRepublic Academy
  • TechRepublic Premium
  • Resource Library
  • Photos
  • Videos
  • TechRepublic
  • TechRepublic on Twitter
  • TechRepublic on Facebook
  • TechRepublic on LinkedIn
  • TechRepublic on Flipboard
© 2023 TechnologyAdvice. All rights reserved.
  • Privacy Policy
  • Terms of Use
  • Property of TechnologyAdvice