The Photon research team at Digital Shadows takes a deep dive into a new search engine used by cybercriminals on the dark web since November 2019, and which is called “Kilos”. The engine was derived from “Grams”, which was discontinued in 2017, leaving a big gap in the field. Kilos, however, is aimed at being a lot more powerful than Grams, hence the name. According to the researchers’ report, Kilos has indexed a lot more platforms than the Gram engine ever did, while it also comes with advanced features that are very rarely seen in darknet search engines.
In numbers, Kilos enables the user to search across six big darknet marketplaces and six popular forums. This includes 553994 forum posts, 68860 listings, 2844 vendors, and 248159 reviews. If the user wishes to search for something more specific, they may use queries to do it. Filtering by price, shipping origin, destination, specific markets, or even the supported currencies is also possible on Kilos. Of course, the numbers above are constantly growing, as the search engine is being actively developed and supported. In fact, the administrator is directly communicating with the users via IRC and on Reddit, so there’s a presence of the operator that is nowhere to be found in tools of this kind.
Under the hood, there’s a solid CAPTCHA system implementation that adds security against bots, a sophisticated search algorithm that has been optimized for faster lookups, and an advertising system that enables users to bid on listings directly from the search results. These features are showing a development effort and dedication to the project that is equivalent to “clearnet” engine projects. Kilos is not just a quick-grabber of attention and money, but something that has been created from the ground up to have a real impact in the field, and it does.
As for the future goals and aspirations, the Kilos administrator has previously announced that he/she is planning a new Bitcoin mixer service called “Krumble”, and which has already entered the Beta stage of development. Bitcoin mixing is done for the purpose of obscuring the ties between crypto coin holders and their real identities and is achieved by having random users exchange coins. Krumble is promising ultimate security and anonymity in this process, with randomized transaction delays and commission fees, and everything happening strictly on the TOR network.
Kilos is important for threat actors and security researchers alike, as being able to quickly get a grasp of what’s out there is crucial for both. Right now, the search engine is growing in size and capabilities at an impressive rate, so it’s getting attention from all sides. We can assume with certainty that agents of law enforcement authorities are also roaming the realms of Kilos, and they would have fewer reasons to try and kill it than to leave it be and take advantage of its power.