Kilos is a new dark web search engine that goes where Google doesn’t. It was first announced by its developer on Reddit on November 15, 2019: “Introducing Kilos, a new search engine for the darknet markets.”
Etay Maor, CSO at deep web threat intelligence firm IntSights, has taken a close look at Kilos. It is neither the first nor the only facility for searching across dark web sites (other services include Torch and TorLinks), but it offers extensive filtering capabilities for locating specific products from within numerous dark markets.
Kilos seems to have evolved out of an earlier deep web search engine, known as Grams. “Both clearly attempt to mimic the Google aesthetic, and they are both named after weight measurement units,” writes Maor. “However, this is where the resemblance between the two ends. Kilos has taken the search concept one step further to include forums, in addition to black markets.” It isn’t clear whether the same developers are involved, or whether Kilos is competing with Grams to be more heavyweight.
Kilos works by searching through multiple dark web markets for specified products. The visitor enters the required product or service, and the query is run through different markets and forums. “The interface is more advanced than other search facilities, with strong filtering options,” comments Maor. “For example, you can say ‘I only want to deal with people who can deal in Bitcoin, Litecoin or Monero — or can deliver to a particular country.’”
It is already proving popular. Earlier this month, it claimed to be indexing 427,150 forum posts, 48,437 listings, and 1,993 vendors. At the time of IntSights’ investigation, it claimed to “have served 15,437 search queries since 10, Nov, 2019.”
The filtering capabilities are closely aligned with the filtering found in individual markets — suggesting that both leading markets and Kilos itself may be using the same filter engine. Kilos allows the user to search multiple markets at once without requiring pre-existing accounts with each market. When the right product is found and the choice is made, the user only needs to establish one market account to fulfill the order.
“But beware,” warns Maor. “When I set accounts with lower grade markets using a false email, I immediately had a warning that someone had tried to access my email account. Clearly, the market admins were using the password I set for the market to see if they could get into my email. There is no honor among thieves.”
One interesting aspect of Kilos is the provision of top search lists for the latest week. “The current list is dominated by drugs — which remains the main cause of dark web usage,” said Maor, “but lower down the list was evidence of searches for ‘gun’, ‘passport’ and ‘bank drop’ (that is, card details). Kilos helps locate the target. The user then simply has to join the market concerned to make the purchase.”
This raises the question of whether law enforcement could itself benefit from the existence of Kilos. “Everything that happens here to the benefit of the criminals could potentially benefit law enforcement,” said Maor. “For example, a jump in top-rated searches within a specific timeframe would indicate potential criminal interest — this could be relevant to new types of malware being promoted in forums. Knowing where products of interest are being sold could help investigations into the specific vendors, while the potential for correlating cryptocurrency movements might provide further insights.” The large agencies will already have their agents within the markets and forums — but the search engine might help aggregate the information they collect and make things a little easier.
One thing that is not yet clear is how Kilos will be funded. It could take a small amount from the markets for promoting them, but funding will almost certainly come through advertising from the sellers. A note on the home page is currently offering a free promotional advertising credit for vendors.
“The emergence of Kilos,” Maor told SecurityWeek, “demonstrates that the market economy in the dark web is still vital. While some criminals are moving to P2P to better hide from law enforcement, it is not a mass migration. Advanced sellers that know their buyers will use P2P; the rest will probably not. The advantage of vendor reviews and trust building within the markets will not be easily abandoned. Where there is no trust (if the buyer and seller don’t know each other) then markets can and do offer escrow services. Both the money and the product are placed in escrow, perhaps with the market’s admins, who fulfil the deal for a small charge.”

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
