Indexeus, the search engine which menaced hacking community

Pierluigi Paganini July 23, 2014

Indexeus is a new search engine that indexes user account information acquired from data breaches, including hackers’ accounts stolen in the underground.

A new search engine for underground hacking dubbed Indexeus has been launched, it retrieves all the available information on user account acquired from hundreds recently data data breaches. The data collected includes information on malicious hackers stolen recent hack, including Adobe and Yahoo!

The search engine Indexeus was developed by the Portuguese Jason Relinquo, a 23-year-old hacker which has built a searchable archive containing “over 200 million entries”. Relinquo has collected a huge amounts of data related to the accounts used by hackers, including IP addresses, email addresses, usernames, passwords, physical addresses, birthdays and other many other personal information.
“This is a service which provides easy access to hundreds of databases, which is very useful if you don’t want to bring your databases around or if you just don’t have any,”  “The goal is to make people realize that using the same information all over is stupid and will lead to you getting your information stolen, but also showing you how badly administrators keep your private data stored.” reports the Indexeus website.
Almost all the information proposed by the young guy on malicious hackers come from data breaches and hacks of popular hacking forums, it is considerable today the largest database of hackers’ personal information publicly available.
The Indexeus search engine also includes data belonging members of hackforums[dot]net, the hacking forum attended by script kiddies who are offering and buying different hacking services.

Recently another search engine captured the attention of security community, Grams Darknet Market Search Engine, specialized for researches in the underground markets, including BlackBank, C9, Evolution, Mr. Nice Guy, Pandora, The Pirate Market, and SilkRoad2.

 

Indexeus search engine

 

The Relinquo’s initial idea is that any hacker that desires to remove its credentials and data from the archive or blacklist himself from the search engine have to pay $1 per record, an economic demand for those wishing to operate in the shadows that will not be accepted willingly. Of course, this is not legal and violates directive like the EU’s “right to be forgotten“. After the popular blog Krebson Security discovered the search engine, Relinquo has changed the terms of service requesting so that users don’t have to pay to remove or completely blacklisted them from the Indexeus.

We’re going through some reforms (free blacklisting, plus subscription based searches), due some legal complications that I don’t want to escalate,” Relinquo wrote in a chat session. “If [Indexeus users] want to keep the logs and pay for the blacklist, it’s an option. We also state that in case of a minor, the removal is immediate.” states the new TOS.

The Indexeus website also seeks to sensitize its members on security issues and how they data are managed by administrators of various web services they access.

 “The purpose of Indexeus is not to provide private informations about someone [sic], but to protect them by creating awareness. Therefore we are not responsible for any misuse or malicious use of our content and service.” states the disclaimer on the search engine website.

Anyway Indexeus website was rapidly targeted by other hackers, a few days ago the search engine was defaced by hacker group Pernicious Developers which also deployed a backdoor shell on the website.

“This is the Original Pernicious Developers, we’re still here. Even if you don’t know which version of the group who did this.” states the defacement left by the hackers.

In time I’m writing indexeus.org is down.

 

indexeus hacked

 

 

indexeus website-hacked

It’s  my opinion that privacy in today’s society is utopia, search engines like Indexeus are the demonstration that it is quite easy to collect information also on individuals with a a considerable skill.  Data breaches represent an amazing source of data that could be easily obtained and analyzed by mining tools to discover also hidden links between accounts and individuals in the cyberspace.

What do you think about online privacy?

Pierluigi Paganini

Security Affairs –  (Indexeus , hacking)



you might also like

leave a comment