Entrepreneur develops hacked data search engine

A Portuguese entrepreneur is said to have developed a specialised search engine that can allow access to leaked or allegedly stolen access credentials.

US and UK join forces for cyber 'war games'
US and UK join forces for cyber 'war games'

One of the biggest problems with accessing the darknet - elements of the Internet that have not been analysed using conventional spidering search engines from the likes of Bing, Google and Yahoo - is that there are no real indexes to use. This makes the task of finding material on the darknet very difficult, unless you have a referred link/connection - or understand what resources you are looking for.

That task got a lot easier this week after a Portuguese entrepreneur – called ‘Dubitus' - released Indexeus, a specialised search engine that allows access to leaked and allegedly stolen access credentials to large elements of the net.

These credentials can also then be used to access elements of the Internet that are normally available to regular web browser users.

Dubitus claims, in fact, that the search engine has a searchable database of "over 200 million entries available to customers," with credentials data reportedly including user IDs, passwords, plus IP addresses and phone numbers.

Bizarrely, the KrebsOnSecurity newswire cites Indexeus' disclaimer, which says: "The purpose of Indexeus is not to provide private information about someone, but to protect them by creating awareness."

"Therefore we are not responsible for any misuse or malicious use of our content and service. Indexeus is not a dump. A dump is by definition a file containing logins, passwords, personal details or emails. What Indexeus provides is a single-search, data-mining search engine."

Even more curiously, Dubitus is offering to remove data - in a twist of the EU's `right to be forgotten' facility - on the Indexeus service for a dollar per record, payable using Bitcoin.

Whilst small-scale darknet indexes are nothing new (http://deepweblinks.org/), Indexeus seems to provide a bridge between the regular internet and a variety of databases collated from data breaches and other sources, as well as what appears to be elements of the darknet. 

Brian Krebs, the investigator reporter and founder of the KrebsOnSecurity newswire, asks the rhetorical question as to who are Indexeus's target customers?

He replies that they are likely to be users of hackforums.net, a huge forum that is overrun by `script kiddies' from around the world who are selling and buying a broad variety of services designed to help attack, track or otherwise harass people online.

"Few services are as full of irony and schadenfreude as Indexeus. You see, the majority of the 100+ databases crawled by this search engine are either from hacker forums that have been hacked, or from sites dedicated to offering so-called `booter' services - powerful servers that can be rented to launch denial-of-service attacks aimed at knocking websites and web users offline," he says in his analysis of the new service.

Krebs notes that Dubitus is also offering online training on `doxing' people - that is, working backwards from someone's various online personas to determine their real-life name, address and other personal data. The training costs US$25 (£15) and last two hours.

Who is Dubitus?

"When contacted via Facebook by KrebsOnSecurity, Jason Relinquo, 23, from Lisbon, Portugal, acknowledged organising and running the search engine. He also claims his service was built merely as an educational tool," said Krebs, quoting Relinquo as saying he wants Indexeus to grow and become a reference, "and at some point be a tool useful enough to be used by law enforcement."

Commenting on the arrival of Indexeus, Tim Keanini, CTO of Lancope, said that, wherever there is a large volume of data that needs an index, there will be opportunity for this type of service.

"No matter what side of the law you are on, the same basic information processing needs exist," he said, adding that netizens need to keep in mind that the data being gathered by the service here is public data.

Because of this, Keanini says that we can assume that there are many copies of the data, and which exist in many places, one of them being this search engine.

"Information is a non-trivial good in that, unlike a candy bar, if I sell it to you, I still have it. This makes the concept of ‘forgetting' a very localised concept. While your records could be expunged from one system, it still may exist on many others," he explained.

Keanini concluded that the darknet is a place that anyone with the time and know-how can explore.

"Anyone who organises this domain of information is going to be able to monetise it – especially if they concentrate on lowering the time taken to perform the task and the know-how required to accomplish the research," he said.