Debate Magazine

Sale of Zero-Day Exploits Declining on the Dark Web

Posted on the 16 October 2018 by Darkwebnews @darkwebnews

In the past, zero-day exploits were very popular across the dark web, but the same is no longer the case as experts revealed that the sellers of the service have reduced by more than 10 times.

According to a recent analysis of zero-day services on the dark web by FireEye, a cyber intelligence firm, there were only three zero-day sellers on the darknet as of 2018.

The figure is meager as compared to 2013 when at least 32 vendors were selling the service, says FireEye Vulnerability and Exploitation Manager Jared Semrau.

Reasons for the Decline

Semrau further went ahead to explain why the number has declined by more than 10 times in a span of just five years.

One of the reasons is that the high number of arrests of individuals using the darknet to sell their products.

The other is that since companies are taking the security of their products seriously, they tend to be more cautious.

Then there are manufacturers and security firms increasing their bug bounty programs in a bid to have more individuals with the requisite skills checking the security of their systems.

The result is that attackers will dwell on identifying vulnerabilities because they are guaranteed a payout in the event they find one.

As an example, platforms such as Zerodium purchase exploits from hackers and at times sells them to the manufactures at a higher cost.

One of the most notorious instances was in 2016 when Zerodium said it was willing to pay up to $1.5 million to anyone who can remotely hack into an iPhone device.

Then in 2017, Zerodium put out a call for Tor browser zero-day exploits, with a $1 million payment in return.

Up to now, Zerodium and other cybersecurity companies are paying handsomely for zero-day exploits driving clients out of darknet markets and in the end, those hackers who would offer the service end up working for cybersecurity firms.

The Zero-Day Market

Zerodium reveals that most of its clients include government bodies and private companies, especially those operating in finance, technology and defense.

By offering their services, government bodies and law enforcement agencies can compromise devices in the event of an investigation.

On the hand, private entities seek to eliminate weaknesses in their products, hence the reason why they offer a bounty program.

For Zerodium, those interested in selling vulnerabilities can do so depending on the level of sophistication involved.

In some instances, the company has increased their payouts for some exploits which if they have; they can sell it at a higher price.

It also seems that many entities are interested knowing exploits in certain systems that the subscription of the same is about $150,000 per month, according to a paper from MIT researchers published earlier this year.

By subscribing, one will get exclusive access to the zero-day exploits.

Hackers who have also successfully initiated hacks of high magnitudes over the years also tend to offer services of testing systems at a cost since they have proved their capability.

To generalize the whole situation, vulnerabilities are valuable-especially when a large company is involved.

Since such giants have a high motivation to protect their data, which if compromised can lead to reputational and financial damage, they are willing to part with a considerable amount.

How Exploits Work

Immediately after the launch of a hardware or software, hackers dive in to look for weaknesses in the system which they can exploit to their advantage.

The same is the case with almost any existing website offering valuable services.

For a zero-day exploit, the hack on a platform happens on the same day that the attacker has discovered the weakness.

However, if the attacker decides to report the flaw to the company, they can be rewarded handsomely.

So immediately after the company is informed of the flaw, they are quick to correct it.

Depending on the type of system they have created, they can recall the devices by requesting their customers to upgrade the current software to the latest version for security purposes.

What Happens If the Hacker Does Not Report the Weakness?

After the discovery of the vulnerability by a black hat hacker, the next step is to take advantage of it and compromise the system.

It is this factor that makes organizations, government agencies and other entities suffer the consequences in the event their systems become victim.

Since in most cases, security flaws are not handled instantly; attackers tend to have time to inflict some damage on a system.

This has pushed various parties, such as law enforcement agencies and even cybersecurity firms, to call upon extra caution in handling specific information.

The same parties have also called for additional security measures such as the use of two-factor authentication in a bid to prevent unauthorized access to their systems.


The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.

You Might Also Like :

Back to Featured Articles on Logo Paperblog

These articles might interest you :

  • Big Food Giants Manipulate Public Health Policy in China

    Food Giants Manipulate Public Health Policy China

    Coca-Cola is at it again. As soda sales decline in the United States and Europe, beverage companies look to emerging economies like China for growth. And, it... Read more

    The 15 January 2019 by   Dietdoctor
  • Jewellery for a Precious You

    Jewellery Precious

    Jewellery is always close to a woman’s heart. It completes her look and boost confidence. Considering the changing trends in jewellery fashion, it becomes... Read more

    The 15 January 2019 by   Dr.jenifer Sayyed
  • Rajshri Productions’ Next Is A Film On Friendship | Hum Chaar | Trailer

    Abhishek Dixit’s debut feature film Hum Chaar is a Bollywood film made under the banner of Rajshri’s film. Hum Chaar is written and directed by Abhishek Dixit. Read more

    The 15 January 2019 by   Themoviean
  • Saint Paul the First Hermit

    Saint Paul First Hermit

    Today is the feast day of Saint Paul the hermit. This is a sweet and delicate Oatmeal Bread topped with rolled oats and naturally sweetened with agave. Saint... Read more

    The 15 January 2019 by   Veronica46
  • Irupathiyonnaam Noottaandu | Teaser | Pranav Mohanlal | Arun Gopy

    Arun Gopy’s Irupathiyonnaam Noottaandu is an upcoming Malayalam action-drama feature film starring Pranav Mohanlal and Zaya David in the lead roles. Read more

    The 15 January 2019 by   Themoviean
  • A Year Of Body Positivity

    Year Body Positivity

    Last January, as I sat there on New Years eve all set to make the same old resolutions I've made year after year for as long as I can remember, I realised how... Read more

    The 15 January 2019 by   Sparklesandstretchmarks
  • Garden Bloggers Bloom Day – Jan 2019

    Garden Bloggers Bloom 2019

    Euphorbia rigidaWhen I went out to take the photos for this blog post I was surprised at how much was in flower dotted around the garden. Read more

    The 15 January 2019 by   Patientgardener