Search Engine Aims to Make Dark Markets More Accessible

Two years after the administrator of the Grams search engine shuttered the service, another search engine for finding questionable and illegal goods on the Dark Web has opened up shop.

An anonymous developer has created a search engine for the Dark Web that will make searching for questionable and illegal goods and services easier, borrowing from the previously popular Grams search engine that shut down two years ago, according to an analysis of the service published today by Digital Shadows.

The search engine, dubbed Kilos, borrows a lot of design elements from and improves on the functionality of the Grams search engine, extensively indexing six different dark markets. While other search engines have appeared over the past few years — such as Ahmia, Onion Search Engine, and Fresh Onions — Kilos appears to trump them in terms of functionality, says Alex Guirakhoo, strategy and research analyst at Digital Shadows, a provider of risk protection solutions.

"Since 2017 there have been several Dark Web search engines that each offer varying levels of functionality ... many of these have been fairly basic and incomprehensive in their coverage," he says. "Kilos has received a lot of attention on both cybercriminal and mainstream platforms due to its customizability and range of sources."

The Grams search engine used custom APIs to collect information on products and services sold in a handful of major dark markets. Such markets are made up of sellers of gray market and black market goods and services on the Dark Web, which uses TOR or another anonymization service to keep users' identities and the source of transactions a secret. In addition, the developers had paired the service with a bitcoin "tumbler" or "mixer," a method of combining bitcoin transactions into pools to anonymize the identities of the buyers.

In December 2017, the search engine shut down due to the difficulty in collecting information and the burden of maintaining the site, Digital Shadows stated in the analysis. Yet the bitcoin mixer service, named Helix, attracted the attention of US federal prosecutors, which led to the indictment of 36-year-old Larry Harmon of Akron, Ohio, in February on three counts of money laundering and financial crimes for anonymizing more than $300 million in transactions. 

"The sole purpose of Harmon's operation was to conceal criminal transactions from law enforcement on the Darknet, and because of our growing expertise in this area, he could not make good on that promise," said Don Fort, chief, IRS Criminal Investigation, in a statement announcing the charges on Feb. 13. "Working in tandem with other sites, he sought to be the 'go-to' money launderer on the Darknet, but our investigators once again played the role of criminal disrupters, unraveling the interlinked web from one tentacle to another."

Kilos' developer appears to be following Harmon's playbook. In addition to the search engine functionality, the developer also announced its own bitcoin mixing service, dubbed "Krumble." 

"According to the Kilos administrator, Krumble takes great effort in ensuring user anonymity compared with other Bitcoin mixers by randomizing the transaction and commission fees, enforcing a randomized transaction delay, and only operating over TOR," stated Digital Shadows in its advisory.

The company theorizes that the two projects may have some of the same backers or developers. The similarities extend beyond just the design of the sites and the pairing of a search engine with a cryptocurrency mixer, says Digital Shadows' Guirakhoo.

"If the two do not share the same creator, it's also possible that Kilos' design seeks to capitalize on the popularity of Grams," he says. "This is common with cybercriminal marketplaces."

In addition, to help prevent denial-of-service attacks and scraping by competitors, the developers of Kilos have implemented a CAPTCHA that asks users to rank product and vendor feedback by whether the review is positive or negative. The CAPTCHA serves a secondary function as well, giving the developers additional data to train the software's machine learning algorithm and improve the search function, Guirakhoo says.

"The site's administrator uses the responses to train the search engine's sentiment classifier, which rates results based on an assigned sentiment value to help ensure the highest quality listings are prioritized," he says.

The service gives defenders a view into how illegal and gray market sellers and services continue to improve. Digital Shadows predicts that the service will continue to improve, but given US investigators' takedown of the Grams and Helix services, Kilos and Krumble tempt a similar fate, Guirakhoo says.

"Unlike legitimate software, there is little incentive for the creators of ethically questionable services to be transparent in their development," he says. "These are typically homegrown projects, managed by a select few individuals."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...