Indexeus, a new search engine, is turning the tables on hackers by exposing their exploits. The search engine crawls and indexes mostly Web sites frequented by the hackers.
Indexeus allows searchers to query millions of records from some of the larger data breaches, including Adobe and Yahoo. The results list information including email addresses, usernames, passwords, Internet address, physical address, birthdays and other information associated with the accounts.
The site boasts logging 10 million entries, and growing, but security expert Brian Krebs estimates there are more than 200 million entries. He describes those behind Indexeus are "a gaggle of young men in their mid- to late-teens or early 20s --envisioned the service as a way to frighten fellow hackers into paying to have their information removed or 'blacklisted' from the search engine."
Searches initially cost one credit or $0.50, whereas a blacklist costs 10 credits, for all searches. If the searcher doesn't have money to blacklist themselves, they can have the data removed for free by providing proof that includes a photo ID, photo of parent ID or proof of owning the email address. The site also describes how to purchase credits.
The original model requires donations paid in Bitcoin to remove the entries and buy insurance against having their information indexed by search engines in the event of a future database leak. Not for those living in the European Union, however. Indexeus founder Jason Relinquo tells Krebs that blacklisting is now free because of the European Union's right to be forgotten law. He can't charge for something the search engines are giving away for free.
The purpose of Indexeus is not to provide private information about someone, but to protect them by creating awareness, per the company's Web site. "The goal is to make people realize that using the same information all over is stupid and will lead to you getting your information stolen, but also showing you how badly administrators keep your private data stored."
Indexeus' customers are mostly unskilled hackers Krebs calls script kiddies, a term describing malicious hackers learning how to write their own programs to attack computer systems and networks.