WEBINAR | From Deal to Defense: Unifying Cybersecurity Post-M&A
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Find cyber threats that have evaded your defenses.
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Brands of the world trust ReliaQuest to achieve their security goals.
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
The latest white papers focused on security operations strategy, technology & insight.
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
February 20, 2024
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
With the recent indictment of Larry Harmon, alleged operator of the Bitcoin tumbling service Helix and dark web search engine Grams, we decided to profile the follow-up to Grams: Kilos.
In November 2019, a dark web search engine called “Kilos” emerged from the depths of the cybercriminal underground to play the role of new heavyweight champion of search engines for cybercriminal marketplaces, forums, and illicit products. And with this title, Kilos recognized the need to stand out from the crowd and ensure its entrance onto the scene was not one to be forgotten.
Kilos possibly evolved from the well-known dark web search engine “Grams”, which ceased operations in 2017. Both Grams and Kilos are dark web search engines that clearly imitate the well-known design and functionalities of the Google search engine and, in a clever play on words, both follow a naming convention inspired by units of measure. Since going online in November 2019, Kilos appears to have taken on the task of indexing more platforms and adding more search functionalities than Grams ever did. In addition, Kilos has introduced updates, new features, and services that aim to ensure security and anonymity for its users and also add a more human element to the site not previously seen on other prominent dark web-based search engines.
Grams was launched in early April 2014 and proved extremely useful to cybercriminals and researchers alike before its indexing capability was shut down by the administrator, who announced their decision to take down the site in December 2017.
In essence, Grams was a search engine for dark web cybercriminal markets. By using custom APIs, Grams scraped several of the most prominent cybercriminal markets at the time, such as AlphaBay, Hansa, and Dream Market. It allowed users to search for multiple illicit products by using a rather simple search interface that also featured popular search engine-like functions such as “I’m Feeling Lucky”. Grams also allowed users to hide transactions for illicit products through its bespoke Bitcoin mixer service “Helix”.
Grams interface mimicking the aesthetics and functionalities of Google
Back in the day, Grams was a revolutionary tool that allowed users to explore the darker corners of the Internet with relative ease. However, its index was somewhat limited. According to its administrator—whom Wired interviewed anonymously in April 2014—the team behind Grams did not “have the capabilities yet to spider all of the darknet” and had instead resolved to work on “making an automated site submitter for people to submit their sites and get listed” on the search engine. The administrator added that the site “wanted to make it easier for advertisers to buy ads through an automated system”. They admitted that although the site “would love to hire a programmer”, it would be hard to find a programmer they could trust while maintaining anonymity.
Grand plans ahead by the looks of it, but come December 2017 the site had ceased collection, largely due to ongoing difficulty with marketplace collection, but also because of the time required for maintenance of the site and its services.
In November 2019, chatter started circulating on cybercriminal forums that a new dark web-based search engine was up and running under the name Kilos. Though it can’t be conclusively confirmed whether Kilos has pivoted directly from Grams or whether the same administrator is behind both projects, the initial similarities are uncanny. The same popular search engine-like aesthetics have been applied and the naming convention has remained.
Kilos search engine interface with advanced filtering options
So which functions does Kilos have to offer that justify its weightier name? Quite a few, as it turns out.
Kilos lives up to its name though in the sense that it allows users to perform even more specific searches from a larger index than Grams did, enabling users to search across six of the top dark web marketplaces for vendors, listings and reviews.
These marketplaces include CannaHome, Cannazon, Cryptonia, Empire, Samsara, and Versus. As shown in the image above, Kilos also appears to have a much more advanced filter function that allows users to create much more specific search queries, filtering on price, shipping origin and destination, specific markets, and displayed currencies. At the time of writing Kilos has already indexed the following from a total of seven marketplaces and six forums:
Kilos has thus managed to index an unprecedented amount of the dark web’s contents, with numbers that appear to increase by the day. It provides invaluable insight into the contents, products, and vendors of current prominent cybercriminal markets and forums. But it doesn’t stop here.
Since the site’s creation in November 2019, the Kilos administrator has not only focused on increasing the site’s index but has also implemented updates and added new features and services to the site. These updates and features ensure the security and anonymity of its users but have also added a human element to the site not previously seen on dark web-based search engines, by allowing direct communication between the administrator and the users, and also between the users themselves.
One of the new updates to the site is a new type of CAPTCHA that prompts users to rank randomized product and vendor feedback by their level of positive or negative sentiment. According to the Kilos administrator, this new type of CAPTCHA was implemented because of the added security it would provide the site as it is allegedly “harder to automate, both for machines and for CAPTCHA cracking APIs”. Other updates to the site include its search algorithm, which has been updated to allow for faster searches, and the advertising system, which has been changed to allow users to bid on listings directly from the listing page as a way of making the bidding process easier.
Kilos CAPTCHA task
The Kilos administrator has also announced a new Bitcoin mixer service called “Krumble”, which is now available in Beta mode. By having its own Bitcoin mixer service, Kilos is yet again matching—and perhaps even upping—the game compared to Grams. According to the Kilos administrator, Krumble takes great effort in ensuring user anonymity compared with other Bitcoin mixers by randomizing the transaction and commission fees, enforcing a randomized transaction delay, and only operating over TOR.
Bitcoin mixer service Krumble
The Kilos administrator has added features that allow for more direct communication, both between the users themselves and between users and the administrator. The administrator created an Ask-Me-Anything page on reddit in February 2020 on which they described themselves as “the owner of a search engine that indexes products for sale on the deep web”.
Next, a live chat function was added to the site that users could use to discuss a variety of topics with each other. According to an update by the Kilos administrator, the site team originally wanted to install an Internet Relay Chat (IRC) client for members to use, but due to an apparent reluctance by “the DNM community” to use an IRC client, they added the live chat function instead.. Although the contents of the live chat are partially accessible to any Kilos user, only registered site members who are logged in are able to use the function. So far members have used this functionality to ask for recommendations for vendors, look for specific products, advertise offerings, and discuss news and updates from dark web forums and marketplaces.
Kilos’ growing index, new features, and additional services combined could allow Kilos to continue to grow and position itself as a natural first stop for an increasingly large user base, whether it’s to find and purchase illicit products, search for specific vendors, look for reviews, or stay up to date on current news and updates on markets and forums. Assuming Kilos’ index and features will keep growing and developing at this pace, there will soon be much more data readily available for threat actors and security researchers alike. A lot of it. You could almost say tons of it…
If you’re interested in dark web monitoring, Digital Shadow’s Search Light (now ReliaQuest’s GreyMatter Digital Risk Protection) monitors across sources where criminals are active, no matter is that is on the open, deep, or dark web. This includes continually monitoring and indexing hundreds of millions of dark web pages, pastes, criminal forums, Telegram, IRC, and I2P pages.If you’d like to see your organization’s exposure on the dark web, you can request a demo with GreyMatter.
Get a live demo of our security operations platform, GreyMatter, and learn how you can improve visibility, reduce complexity, and manage risk in your organization.