The Mysterious Disappearance, and Reappearance, of a Dark Web Hacker Market
Hacker market The Real Deal went mysteriously quiet, but is back online after one admin claims they got tangled in an FBI operation.
Last week, a dark web market for hackers appeared to totally vanish. Users of "The Real Deal" started to ask for explanations—any information that would give a clue as to the site's fate.
The market was listed as "shut down for unknown reason" on a site that tracks the dark web. The Real Deal Reddit account hadn't made any posts for nearly two weeks, and a contact for the site had not checked into the messaging service they usually used for 12 days. When Motherboard reached out to an administrator of the site earlier this week, he did not reply to repeated requests for comment.
This morning, however, an administrator of the site logged onto encrypted chat. "I am the only 'free' admin right now," the administrator, who previously used the same chat account to talk to Motherboard, said.
Hours later, the site was back online.
The Real Deal launched earlier this year, promising to provide a space for hackers to sell all sorts of cybercrime products and services. The site's listings advertised stolen databases, including one purporting to be from the recent breach of the Bitcointalk forum. The Real Deal also claimed to sell remote access trojans (tools for taking over a target's computer), cracked accounts, and a series of zero-day exploits.
Elsewhere on the site were offerings of cocaine, MDMA, LSD, and other drugs to be delivered straight to your door—a staple of dark web markets.
The administrator claimed that The Real Deal site had three owners including himself, and that all were arrested in the recent raids around another cybercrime hub, called Darkode. He said he had been released by the authorities, although he wouldn't discuss specifics around any charges, or lack thereof.
Darkode was an infamous private hacking forum which allowed the trading of sophisticated malware and other tools. Although it facilitated the exchange of goods between hackers, it didn't act as a marketplace; it was a space to simply connect buyer with seller. The Real Deal, meanwhile, is essentially a Silk Road for hackers, with payments processed in Bitcoin.
Earlier this month, during "Operation Shrouded Horizon," the FBI shut down Darkode. "It was, in effect, a one-stop, high-volume shopping venue for some of the world's most prolific cyber criminals," according to the FBI press release. With the assistance of Europol and a myriad of other law enforcement agencies, there were "charges, arrests, and searches involving 70 Darkode members and associates around the world," the release continued. The site has since relaunched.
"A critical part of our team could not operate due to Shrouded Horizon," the administrator said.
According to the administrator, The Real Deal was offline because the servers running it had not been paid for. The three owners were not targeted by law enforcement because of their work on The Real Deal, but for other crimes, he said.
The FBI and Europol did not immediately respond to Motherboard's request for comment. A spokesperson from the UK's National Crime Agency (NCA) said that the West Midlands Regional Organised Crime Unit arrested and bailed a 26-year-old man from Coventry. "All remaining Darkode subjects arrested are currently on bail," the spokesperson said.
"The release terms disallowed using any kind of device with internet connection for 14 days," the administrator added in explanation for his absence. He also claimed that the authorities "found nothing related to the market on our devices, we follow quite strict precautions," although some users may be asking if it is wise to continue working with someone who has been arrested, or if their data is secure.
The administrator said that he was "truly and deeply sorry for any lost orders," and that he would be working to complete any that were outstanding.
The site wasn't offline for much longer. The administrator claimed that The Real Deal would be back up in 12 hours or less, and he was right: the site is functioning once again.
"We have some backups," he continued, "and we are going to carry on with the market. At least I am."