“Kilos." A new dark web search engine that has quickly become the “Google” for cybercriminal marketplaces, forums and illicit products. Why is this new cybercriminal engine quickly becoming popular and what are the threats that security researchers and operations team face with Kilos?
After the recent indictment of Larry Harmon, alleged operator of the Bitcoin tumbling service Helix and darknet search engine Grams, Digital Shadows decided to profile Kilos. According to the firm, in November 2019, "Kilos" emerged from the cybercriminal underground and has become one of the most sophisticated dark web search engines to date, having indexed more platforms and added more search functionalities than other search engines while introducing updates, new features, and services that ensure more security and anonymity for its users. Kilos also maintains a stronger human element not previously seen on other prominent dark web-based search engines, says a new Digital Shadows blog.
"Kilos possibly evolved from the well-known dark web search engine “Grams”, which ceased operations in 2017. Both Grams and Kilos are dark web search engines that clearly imitate the well-known design and functionalities of the Google search engine and, in a clever play on words, both follow a naming convention inspired by units of measure," writes the firm.
Grams was launched in early April 2014 and back in the day, says Digital Shadows, "Grams was a revolutionary tool that allowed users to explore the darker corners of the Internet with relative ease. However, its index was somewhat limited. According to its administrator—whom Wired interviewed anonymously in April 2014—the team behind Grams did not “have the capabilities yet to spider all of the darknet” and had instead resolved to work on “making an automated site submitter for people to submit their sites and get listed” on the search engine."
Now, Kilos enters the cybercriminal sphere. "Though it can’t be conclusively confirmed whether Kilos has pivoted directly from Grams or whether the same administrator is behind both projects, the initial similarities are uncanny. The same popular search engine-like aesthetics have been applied and the naming convention has remained," says the blog.
Why is Kilos more threatening than Grams? It is allowing users to perform even more specific searches from a larger index than Grams did, enabling users to search across six of the top dark web marketplaces for vendors, listings and reviews. These marketplaces include CannaHome, Cannazon, Cryptonia, Empire, Samsara and Versus.
According to Digital Shadows, Kilos has already indexed the following from a total of seven marketplaces and six forums:
- 553,994 forum posts
- 68,860 listings
- 2,844 vendors
- 248,159 reviews
Since the site's creation in November 2019, the Digital Shadows team writes that the unprecendented amount of dark web content found in Kilos appears to increase by the day, providing invaluable insight into the contents, products, and vendors of current prominent cybercriminal markets and forums - thus adding "a human element to the site not previously seen on dark web-based search engines, by allowing direct communication between the administrator and the users, and also between the users themselves," claims the blog.
New updates to the site include:
- A new type of CAPTCHA that prompts users to rank randomized product and vendor feedback by their level of positive or negative sentiment for added security.
- A new Bitcoin mixer service called “Krumble”, which is now available in Beta mode, to ensure user anonymity compared with other Bitcoin mixers.
- Added features that allow for more direct communication, both between the users themselves and between users and the administrator.
- A live chat function to allow users to discuss a variety of topics with each other.
Digital Shadows warns that Kilos’ growing index, new features and additional services combined could allow Kilos to continue to grow and position itself as a natural first stop for an increasingly large user base - further increasing the amount of data readily available for threat actors and security researchers alike.
Harrison Van Riper, Threat Research, Team Lead at Digital Shadows, tells Security Magazine that, "Dark web search engines bring more visibility to criminal platforms which, in turn, direct more traffic and lead to more sales from marketplaces or forums, which could increase the risk to organizations. Criminals looking to find sensitive documents or credentials for sale on the dark web can use Kilos to search across different marketplaces to find their goods, increasing the likelihood of account takeovers or the impact of a data leakage, for example."
Van Riper notes that search engines have "transformed the way everyday people use the internet when they were introduced, giving users freedom to search for the exact information they were looking for. That same innovation translates to cybercriminals as well, a topic Digital Shadows heavily covered in our blog detailing the similarities between the real world and cybercriminal underground https://www.digitalshadows.com/blog-and-research/how-the-cybercriminal-underground-mirrors-the-real-world. These sites were made intentionally difficult to find unless you already had an idea of where you were going to begin with, however, a search engine with the ability to look across multiple sources could give more malicious actors opportunity to conduct more attacks," he says.
For more information and the full blog, please visit Digital Shadows blog, Dark Web Monitoring: The Good, The Bad, and The Ugly.