Canary will not charge you to find out if you’re affected by a breach (also we want volunteers)

News came out today that there are 1 billion usernames and passwords floating about from Russian gangs. An excerpt is as follows:

The firm that uncovered the breach, Hold Security of Milwaukee, said a group of about 20 hackers from south-central Russia are to blame. The group, dubbed “CyberVor” (“vor” meaning “thief” in Russian), stole data from thousands of businesses Web sites, both small and large, and even from personal Web sites.
[...]
It appears the firm initially planned to charge for its services. According to Forbes reporter Kashmir Hill, after the Times story ran Hold Security’s Web site advertised its services to potential victims of the breach for “as low as 120$/month [sic]” with a “money back guarantee.”
Wall Street Journal reporter Danny Yadron noticed Hold’s ad and tweeted about it. It was quickly taken down. A modified version has since appeared offering pre-registration for the free 30-day trial.

We at Canary do not like this idea as you as an individual should know about any compromise of your personal information without having to pay a broker for details.

As a result of this, we are announcing that by October, individuals will be able to sign up for a free alerting service. All that will be required from you is to sign up with an e-mail address you want monitored and we’ll go from there. In fact, go ahead and register right now and we’ll approve your account, allowing you to have it monitored right off of the bat once the service is active.

Commercial users are (for now) free to sign up in anticipation of the service but it is asked that you consider a donation to Canary’s parent organisation. Individuals are not requested to do this but are also free to support us as well.

Also we need help!

Canary would love to have financial support, but what right now is really needed more is data.

We want lots of data. We want to fill up hard drives with data.

If you’re interested in helping scrape, please contact us. We’re looking for data from the following types of sources:

  • Pastebin-like sites
  • Resources hosted via TOR
  • Message boards
  • Non-English-based websites

We also welcome other sources should you have the ability to access them and have an idea on how to send it.

Announcing the Canary API beta!

As you may or may not have noticed, Canary has undergone some drastic changes. Some of the changes include:

  • New logo and layout.
  • Performance boosts on the search engine itself.
  • A finer-tuned related search result for posts.
  • An improved user-interface for viewing found objects.
  • And last but not least, an API to interface with.

The API has been in the works since the creation of Canary and was to be introduced not too long after Canary was out of a ‘beta’ phase. The plan was to have it done by around summertime and well, we’re only a few days in and it’s now up and running!

If you’re wondering what Canary is, Canary is a search engine for data that has been posted on document-sharing websites. It takes the data, analyses it, and then stores it in a database. You can determine if any of the documents are linked to each other as well. Click here and give it a try!

Now, here’s the part you may be interested in: how do I get to use it?

Well, simply go ahead and register! Once that is done, feel free to tweet at me (@afreak) with your username and let me know that you’re interested–e-mailing us or responding to this post works too! At this time certain restrictions on e-mail accounts and how many searches and views you can make are relaxed, but get in early if you’re interested in playing around.

We also want to see what sort of ideas you have for Canary. An issue tracker has been launched and all you need is a Github account to make requests, report bugs, and so forth!

In the near future, we plan to provide details on what you can do with Canary so stay tuned for that as well.

Also, Canary celebrates its first year anniversary soon. Thanks to everyone who has helped on this project so far!

Brief update regarding registration

If you’re attempting to register, just let it be known that this is a test-run at the moment and accounts are not being accepted en-masse. We’ll update this blog once we’re ready to enable accounts, but feel free to register once you’ve read the guidelines.

Canary API is coming!

Hi all,

Just a brief update here: Canary’s API is coming along nicely and will soon be looking for testers. If you’re interested, please reach out to me via Twitter (@afreak) or e-mail me at general@afreak.ca.

I won’t be able to respond immediately but I will put you down on a list to contact.

Massive update and presenting at BSides Vancouver 2014!

I’ve been silent as of late! This should not indicate anything however with Canary as I have been actively developing it and tuning it to be better and more feature-rich. How about we cover what has been changed?

You can view all the changes now at: https://canary.pw

New features

Who done what? Related results!

canary_febupdate_01

This is the feature I have been wanting to have up and running since day one: related items.

Basically if you view a document, it will attempt to find anything related to it based on its content. There are still some features to be added to that functionality, but it’s quite possible you could suffer from the same problem that some people have when reading one Wikipedia article and finding that you’ve gone from My Little Pony to Adolf Hitler in two hops (try this if you’re curious about this).

Expanded search

canary_febupdate_02

The search has been moved to the top-right of the screen like in the old version but has been simplified to allow for you to look for other items in the process. Gone are the mentions of the bangs (they’re still there however) but ready to read is a help page.

I have removed the functionality that allowed for searching of phone numbers. The reason for this is quite simple: the false positives were quite problematic.

The bangs are fully documented now and have had some of their abilities extended. You can check out the Help page to see more.

Presenting at BSides Vancouver

I will be presenting at BSides Vancouver on March 11th. The talk will feature some of the origins of Canary and will also discuss some other related items. I definitely invite you to come out if you’re able to come to the conference.

I plan to submit this elsewhere so stay tuned for that.

Donations

I am looking for donations as I wish to expand the service. There is a plan to expand this service to allow for access via an API, but this won’t be available for a few more months.

You can submit a donation via the links on this page:

https://canary.pw/donate/

I also take DOGE if you wish to send me that as well. :)

The address for DOGE is DU8hYS4Z9Nb3fG155LfcnxMVjKzp3MJJsN.

Bug reports

Please let me know via Twitter (@afreak) or via IRC (afreak on Freenode) if you wish to let me know of a problem. At the time of this writing, I am aware of the problem with the left column links when viewing the page, but I have a fix due for tomorrow.

Performance improvements

Small update here, but the performance of Canary has been drastically improved. Some changes were made to the database structure and data retrieval and it is now much, much faster. In addition, the hash searching is a lot more refined and will give far more accurate results.

There is a large feature coming to Canary in the next month or two so stay tuned!

New feature! Hash searching

Canary went through a bit of an upgrade to improve its back-end services and with that came a new feature: hash searching!

It works like this:

!hash 5f4dcc3b5aa765d61d8327deb882cf99
!hash password hacked

Both will give you results based on your request. You can use SHA or MD5 hashes or just generic keywords.

I was going to slip in a new feature but that will be included in a minor update in the coming weeks.

Also, I will be at VanCitySec’s special August event speaking about Canary (very brief mind you) and will be open to meet with anyone who wants to ask questions. :)