Indexeus temporarily tilted the odds in its favor – the search engine targeted hackers by listing their passwords and other information in its search results. The service wanted a dollar “donation” from each hacker listed to get their information removed from its search results.
The situation is the reverse of the typical hacker-search engine report. For the hackers, targeting a search engine is typically the more common situation than being the target of one. The reason why Indexeus decided to go forward with this campaign is in order to draw attention to the new search engine. The European Union-based search engine now allows free removal requests in compliance with the recent “right to be forgotten” ruling. Its campaign was meant to draw attention to the new search engine.
Like many hackers, the information Indexeus was threatening to reveal was illegally obtained. The site collects data from forums and repositories of information gathered by hackers. It has information from more than 100 data breaches. Indexeus’ function is to gather it in an attempt to get it removed.
Indexeus founder Jason Relinquo told Krebs on Security that he wants the search engine to be a tool to do good by providing information.
“I want this to grow and be a reference, and at some point by a tool useful enough to be used by law enforcement,” said Relinquo in his interview with the security blog. He continued that minors’ personal information could always be removed for free.