After tweeting in the United States v. Fitzpatrick (1:23-mj-00067) case, our previous Twitter handle @_IntelligenceX has been suspended. RIP.
Our official response to the suspension:
Β―\_(γ)_/Β―
#BreachForums#pompompurin
π₯ We added a powerful new feature to the Identity Portal: Reverse Lookup
You can now search for a domain or URL and get all leaked accounts for a particular service.
β‘οΈ Read more at blog.intelx.io/2025/01/03/neβ¦
We are officially an SSD only shop! π«±π»βπ«²π» Syncing the data took more than 1 year.
Our current highest capacity SSDs are 13.9 TB each, although the alphabet is still a limitation. π§΅β¬οΈ
We used to have these old monsters storing the data. They have space for 60 HDDs:
We are just finishing the work on one of our most powerful and important new features. It will be available to users with an Identity Portal license and in the beginning upon invitation only.
Registration is disabled to delete spam accounts. People are still trying to sign up with thousands of spam accounts to evade limits of our Phonebook API.
It would be much easier to just pay for a license! Β―\_(γ)_/Β―
We are decommissioning our oldest server still in use - from 2014, back then used at our previous startup Virus Tracker.
That server still holds up well (6 core 3.5 GHz, 128 GB RAM). The reason for its departure is consolidation.
We are performing server maintenance this week. ποΈ
Outages are not expected, but if that changes we will post the maintenance message on the website.
On Feb 26, 2022 we announced our support to the #Ukrainian people and government. This was 2 days after Russia's all-out war on #Ukraine. πΊπ¦
We proudly continue our support of the Ukrainian government. We commend the bravery of their soldiers.
Major usability update in our Export Leaked Accounts section:
πΉ CSV results can be now downloaded at anytime during the search. πΎ
πΉ Live count of records shown
This is useful in investigation cases that involve large datasets and many search results.
We have added a new category "DNS". It indexes DNS records data such as raw TXT records for domains. It stores already more than 200 million records.
β‘οΈ blog.intelx.io/2025/01/12/neβ¦
We are adding support for 18 TLDs, increasing our support to 574 TLDs:
- ad
- bs
- cv
- cw
- gf
- gn
- gw
- gy
- hospital
- ht
- iq
- krd
- mr
- mw
- om
- study
- tl
- tt
We have uncovered a pro-Russian network that was developing an operation to spread Russian influence and undermine security across Europe. Therefore we added two individuals and one legal entity to the sanctions list. Domestic authorities subsequently seized their assets.
The Czech Republic was at the beginning of this whole operation. Our work and efforts are leading to other countries in Europe investigating the activities of pro-Russian spy networks and gradually coming to more serious conclusions. One of them was revealed by Poland today for example. Actions in other countries will follow.
These are sensitive matters, surely, you will understand that I cannot share too many details. But I want to emphasise one thing. The actions we have taken in the last two days are the result of international cooperation, which we started and which we are successfully coordinating.
I am proud that it is we who have shown the strength and the ability to make timely and good decisions.
We do what it takes.
We have corrected the name of the bucket "Russia" to "Ukraine". It contains websites from the TLDs UA, KZ and RU. We started crawling those in 2019.
Intelligence X stands 100% behind Ukraine. πΊπ¦
I am thrilled to announce that @Mastercard is acquiring @recordedfuture for $2.65B. It has been an incredible journey, starting in 2007 when we wrote down the patent application for what became the Recorded Future Intelligence Platform.
Happy New Year 2οΈβ£0οΈβ£2οΈβ£4οΈβ£! π₯ππ
Our New Year's Special is live:
β‘οΈ 1 month full access for 100 β¬
β‘οΈ Order now: intelx.io/order ππΈ
This offer is only available for 1 week.
We just updated our Leaks API (used by the Identity Portal) to detect another format of leaked accounts.
This means the Export Leaked Accounts function will provide more results.
Data, if done right, absolutely has value. It's the precursor to information, which is the precursor to intelligence. And then actionable intelligence.
Oversimplifying this into "data has no value" leads to the contentious discussion in your thread.
Data absolutely has value.
We are adding support for the following TLDs for searching (domains, emails, URLs):
πΉ .auto
πΉ.bank
πΉ.bh
πΉ.bn
πΉ.jo
πΉ.kw
πΉ.lb
πΉ.sd
πΉ.mc
Reindexing existing data will take time.
Ok maybe we should retire this HDD? Been running for more than 8 years.
We are in the process of becoming an SSD only shop, although hardware supplier delays are throwing a wrench in our plans. π§
In the last 3 weeks newly added items in the "Stealer Logs" category were not searchable. They are being indexed now and will be searchable by end of the day.
This year we have been busy becoming an SSD-only shop. We will publish soon a blogpost about that journey.
We just bought a lot of 16 TB SSDs, some for 2000 EUR a piece. We tested Kioxia SSDs, but they are not as good as the Samsung and UltraStar ones.
Another fun fact is that the old HDD servers can weigh more than 70 kg. ππ»ββοΈ
SSDs are good, but far from perfect:
πΉ A few failed immediately, and needed immediate replacement
πΉCrazy performance drop off after bombarding 13.9 TB disks with 99% data, 1/2
We lied - indexing the backlog takes a few more days. 2 billion records have been added in the last 3 days (our servers are on fire π₯) and counting.
The greatest lie told to the public is that people make apps to sell data. Data has no valueβyou can buy a complete data set on the entire US population for under $10,000.
In reality, we actually do it to sell engagement. Attention is more valuable than a spreadsheet. And you only capture peopleβs attention by creating valuable & novel experiences.
This misconception has made people fear trying new products, which has hampered innovation in how we communicate and entrenched the positions of incumbent companies.
And it has also narrowed the audiences who developers can build for. So when you ask why there are so many silly teen apps, itβs because itβs one of the few audiences that havenβt been deluded by the narrative yet.
This change is live.
Daily search credits are now hard limits enforced by the Leaks API. Previously they were soft limits. We will work with customers on a case-by-case basis if additional search credits are needed.
Happy to answer! "Why pay 2k" β‘οΈ
β Receive a legitimate key, the one you quote was a free account which anyone can sign up for
β Paid users allow us to provide some data/services for free
On our end:
β Server costs (hardware, electricity, peering, etc)
β Humans need food too
Tomorrow we will add a new tab to our Identity Portal "API status".
It will list the daily credits available in the Leaks API, which strictly enforces the license assigned to the API key moving forward.
We are changing the API instance for all free users! New: free.intelx.io
The legacy API instances will stop working within 24 hours. You can always view your API details here: intelx.io/account?tab=develoβ¦ π
A blog post with all details follows.
We just pushed another update of the Identity Portal (version 8.1) that includes new algorithms to detect leaked accounts in multiline formats. π
This is especially useful for the 'Bot Logs' category which stores records in multiple lines.
Why would we keep such an old disk with little capacity (500 GB) you may ask?
So far there was no reason to retire it. We handle redundancy on application level (not on hardware level), protecting against any cause and source of fault.
essentially blocking all read/write. We do not know the exact cause, but for these high capacity SSDs at 1.2% remaining space they tend to completely start blocking. Perhaps manufactures reserve a crazy amount of space for garbage collection?
Firefox users: We have been affected by a recently introduced freak bug in Go [1] which prevented search results from being displayed properly. ππ»
It is now fixed. This bug was active for 4 weeks.
[1] github.com/golang/go/issues/β¦
We will think about it. The results shown are just meant as preview.
The end product is the CSV file which can be filtered and sorted client-side. The CSV file includes the Date field.
Today we are deploying internal updates to increase capacity. ποΈ
Recently there was a perfect storm of increased API usage and increased indexing activity (especially in the "Bot Logs" category).
We are dedicating resources to improve our product Identity Portal.
In the next few weeks there will be several releases to:
πΉ Improve parsing of "Bot Logs" data leading to more leaked accounts
πΉ Add date filters to UI
πΉ Inline view of files
I must bring the attention of @Info_IntelX to the fact that cybercriminals access their Identity Portal and conduct searches there. This enables another set of cybercriminals who commit ATO using the data they discover with IntelX.
It is, we are working daily on it. Most of the behind the scenes tech updates and improvements are not sexy enough to write blog posts about, although we'll soon publish some of the work done in the last few months.
We'll get to update the tool section soon.
The alphabet is still a major limiting factor. Disks can be mounted as folder paths but that's less convenient to manage.
The alphabet essentially only allows net 24 disks per server + system disk + spare letter needed for temporary disks.
A couple of months ago someone was actually selling counterfeit intelx API keys. At the time it included manipulated screenshots.
In this case the key is counterfeit too, there is no such thing as an "Intelx Admin API Key".
The error handling code has been changed. It calls EvaluateCurrentState prior to calling either IppSendError or IppSendErrorList.
Was there an unverified assumption in previous error handling code?
Regarding CVE-2024-38063 IPV6 RCE in Windows...
After reading RFCs about optional headers in IPv6 packets, I managed to create POC to cause a crash. The bug check in this case isn't too detailed, but essentially the underflow creates a large value used in a loop which eventually write data out of bounds and causes a crash.
I imagine this can be weaponized using heap massaging techniques and corrupting adjacent objects in the heap.
As many have already stated before, this can easily be mitigated by applying the latest patches or disabling IPv6 (which is enabled by default).
Your quote: "The jury are debating whether or not Kurtaj had criminal intent"
vs
"The jury were asked to determine whether or not he did the acts alleged - not if he did it with criminal intent"
Source: bbc.com/news/technology-6654β¦
Although our initial assumptions in 2018 were incorrect. We never completely filled up these beasts. HDD size per disk at scale grew quicker than our initial data growth.
But what about datacenter real estate? We have excess spare capacity in our 60-disk servers, and because we always buy the highest tier (currently 22 TB) for new disks, we ain't running out of physical space anytime soon.