Just as the rest of us enjoy the ease of obtaining all sorts of products provided by the countless e-commerce services, threat actors also seem to relish care-free, low-risk ways to buy illicit products. Buoyed by a desire to avoid falling victim to a scam, the cybercriminal community is apparently turning to dark web search engines as an initial starting point for a shopping spree.
This new trend in dark web market search engines, pioneered by the now-defunct Grams and followed by its likely successor Kilos, sees services offering a large index of marketplaces, vendors, listings, reviews, and advanced filter functions affiliated with the cybercriminal underground. Such search engines represent a one-stop ecosystem for their users. They make the shopping process for sourcing marketplace listings of verified and highly rated vendors seamless, thus avoiding getting scammed.
The newest kid on the block is Recon, a brand-new dark web search engine developed by “HugBunter”, the creator and administrator of the Reddit-style cybercriminal community Dread.
On March 2, HugBunter announced that Recon had been released in beta mode, highlighting that the launch of the search engine marked Dread’s first add-on service. According to HugBunter, Recon represents the culmination of significant archiving efforts ongoing since June 2018, with the aim of indexing as many dark web marketplaces, vendors, and listings as possible. To date, Recon has indexed 32 marketplaces; 23,000 vendors; 49,500 listings; and 1,400,000 reviews, although only six marketplaces are currently online: CannaHome, Cannazon, Empire, Monopoly, Versus, and White House Market.
The other 26 marketplaces are down, owing to a number of reasons not limited to: exit scams, law enforcement seizures, and the disappearance of administration members. This active-versus-offline ratio means that, despite impressive statistics, Recon’s utility for cybercriminals will be limited if they cannot access the sites for which they have viewed the listings.
Recon’s interface, showing current index statistics
Recon purportedly has an integrated API system that dark web marketplaces can use to share their public vendor and listing data, and vendors can even create a custom profile for USD 50. The service provides users with the capability to search across specified marketplaces for vendors, listings, and reviews that can be filtered by price, shipping locations, and specific queries.
Recon and Kilos unavoidably share similar features, owing to their shared inspiration from the Grams search engine―something HugBunter has freely admitted. These include a larger and ever-expanding index of marketplaces, vendors, listings, and advanced filtering options, as well as a more customer-friendly UI, when compared with Grams. As Recon only launched at the start of March, it has yet to offer many extra services to its users. Kilos, on the other hand, has added a live-chat function and a Bitcoin mixing service called Krumble since its launch in November 2019. HugBunter has said additional services and tools available to Recon users are in the offing, such as a “drug test warning”.
Positive feedback from Dread user DutchDrugz
At the time of writing, the Dread community has welcomed Recon, with users calling it an “awesome achievement”, a “successor to Grams”, and a “great resource” . A minority of Dread members has expressed concerns, relating to the possibility of law enforcement agencies using the search engine for reconnaissance purposes and to the indexing of “busted vendors”, whose arrests have featured in the media and with whom transacting could increase a buyer’s risk of also attracting law enforcement attention.
Though not extensively discussed outside Dread, the news of Recon has reached other forums. Recon has received largely positive feedback on Torum, where it has been described as a “really useful” dark web search engine, and as “Kilos and DarkNet Trust combined, and better”. Torum user “JoeSatriani”, in particular, has heavily promoted Recon in some of their threads, stating that Recon is “the safest way to find what you are looking for”, and that if buyers don’t use Recon they are more likely to get scammed by vendors.
Torum user JoeSatriani promoting Recon on Torum
If Recon follows the same trajectory as Kilos, not only will more threat actors use Recon’s services, as it becomes more widely known within the cybercriminal community, but Recon will also increase its index and add additional services in the short-term future (next three months). Should this come to pass, Recon would become not just a viable alternative, but a strong competitor to the other existing dark web search engines―Kilos, in particular.
Meanwhile, the cybercriminal community can continue to enjoy the increased ease of searching for and buying illicit products online, thanks to Recon and Kilos―until the next all-encompassing dark web search engine comes along.