A new service designed by some anonymous white hat hackers has been launched recently and it allows anyone – including security researchers and hackers – to search for unsecured data stored in the cloud.
Contractors, governments, and telecom giants have all previously left data on exposed AWS (Amazon Web Services) servers, a popular cloud computing platform, and anyone could be able to easily access them without a username or password, using appropriate tools. Now, a search engine named ‘BuckHacker’ is making this process even easier as it lets one search for such exposed servers.
The Buckhacker plugin creates a Google-like search engine that’s able to trawl through AWS servers, in order to find those that are misconfigured and potentially host sensitive data that’s left exposed to the internet.
In an email to Motherboard, one of the anonymous developers of the service underlined the inspiration behind this project. He said that this tool can be used to test the security measures employed by web servers without any prior expertise in the IT security field.
“The purpose of the project is to increase the awareness on bucket security, too many companies was [sic] hit for having wrong permissions on buckets in the last years.”
The search engine is specifically focused on Amazon’s Simple Storage Service (S3), and S3 servers known as buckets. Users can search either by bucket name—which may typically include the name of the company or organization using the server—or by filename.
The developer explained that the service is basic but largely functional – It collects bucket names and their bucket’s index page, parses the results and stores it in a database, which can be searched later by other users.
As per the developers, the project is currently in the early stages of development and it’s pretty unstable.
“The project is still in a really super alpha stage (there are several bugs at the moment that we try to fix). I was sharing the project privately with some friends but unfortunately, then we go public before the time. Actually, we are even thinking to shutdown it because is quite unstable,” the BuckHacker developer said to Motherboard.
What do you think about this tool? Share your views in the comments section below.
