Introduction

The Internet Archive has recently been subjected to significant cyberattacks, including a Distributed Denial-of-Service (DDoS) attack and a major data breach. These incidents have raised concerns about the security of digital archives and the potential misuse of compromised data.

Description

The Internet Archive has confirmed that it is currently experiencing significant cyberattacks, including a Distributed Denial-of-Service (DDoS) attack and a major data breach. The DDoS attack [3] [5] [7] [8] [10] [11], claimed by a pro-Palestinian hacktivist group known as SN_BLACKMETA [4], began on October 9, 2024, and lasted for at least 3 hours and 20 minutes [1], flooding the site with millions of simultaneous requests from at least three distinct IP addresses. The attackers employed two primary vectors: TCP reset floods, which trick computers into terminating their connections [1], and HTTPS application layer attacks that disrupt normal traffic flow. Concurrently [11], the breach compromised the user authentication database [7], exposing the data of approximately 31 million users [1] [9], including unique email addresses [1] [4] [5] [7], usernames [2] [6] [7] [9], password change timestamps [5], and Bcrypt-hashed passwords [1] [5] [8]. Notably, 54% of the affected accounts were already in the “Have I Been Pwned” (HIBP) database from prior breaches, raising concerns about potential misuse of this information [1]. Troy Hunt [5] [8], the operator of HIBP, confirmed the breach after receiving the stolen data nine days prior [8].

The Wayback Machine [1] [2] [3] [4] [5] [9] [10] [11], a key service of the Archive that preserves historical web content, went offline and is now operating in a provisional read-only state, processing 1,500 requests per second [3], while other functions of the Internet Archive remain offline as recovery efforts continue. Brewster Kahle [2] [3] [6] [7] [8] [9], the founder and CEO of the Internet Archive, confirmed the breach and noted that while the website was defaced [7] [9], the data itself had not been corrupted [9]. He indicated that the organization is actively working to restore services and enhance security measures to protect its information resources [6]. In response to the ongoing attacks, the Internet Archive has disabled its JavaScript library [2], scrubbed its systems [2], and upgraded its security measures [2]. Many resources on the Archive [11], including information about Palestine [11], have become inaccessible.

The attackers issued an antisemitic message asserting that the Archive “belongs to the USA,” expressing their motivations as a response to the US government’s support for Israel, which they accuse of engaging in actions they view as genocidal [4]. This incident coincides with the upcoming US presidential election and follows a series of DDoS attacks that began on October 10 [4]. SN_BLACKMETA has previously been linked to attacks on various Israeli banks and a hospital where Israel’s Prime Minister was undergoing heart surgery [10]. Cybersecurity experts have identified SN_BLACKMETA as a rising threat [9], potentially operating from the Veliky Novgorod region southeast of St. Petersburg [10], and having ideological ties to Sudan [9]. Analysts have noted that such attacks can inadvertently benefit large corporations critical of the Internet Archive’s practices [6]. The account SN_BLACKMETA [2], active on X [8], indicated that another attack was planned for October 10 [8], linking their actions to the US government’s relationship with Israel [8]. This account has a history with the Internet Archive [8], having previously claimed responsibility for DDoS attacks in May [8], which aligns with reports from Internet Archive staff regarding similar disruptions [8].

Founded in 1996 [4] [9], the Internet Archive is a nonprofit dedicated to preserving digital content and providing access to historical web pages through its Wayback Machine service [9]. Users are advised to change their passwords and remain vigilant against phishing attempts, as the attackers may have captured usernames and email addresses [7], although the passwords were hashed rather than stored in plaintext [7]. Users encountered a pop-up from hackers mocking the site’s security vulnerabilities [5], stating, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened.”

Conclusion

The recent cyberattacks on the Internet Archive highlight the vulnerabilities inherent in digital preservation efforts. The breach has not only disrupted services but also exposed sensitive user data, necessitating immediate security enhancements and user vigilance. As the Archive works to restore its operations and bolster its defenses, this incident underscores the ongoing threat posed by cyberattacks and the need for robust cybersecurity measures to protect digital information resources.

References

[1] https://www.techradar.com/pro/internet-archive-is-still-not-fully-recovered-heres-how-the-attack-unfolded
[2] https://www.thehindu.com/sci-tech/technology/internet-archive-slowly-returns-to-normal-after-ddos-cyberattack/article68755624.ece
[3] https://gigazine.net/gscnews/en/20241015-internet-archive-wayback-machine-ddos-attack/
[4] https://www.cybersecurityintelligence.com/blog/internet-archive-cyber-attacked-by-pro-palestinian-hackers-7998.html
[5] https://nordictimes.com/tech/internet-archive-has-been-hacked/
[6] https://i-hls.com/archives/126132
[7] https://www.yahoo.com/news/internet-archive-under-attack-060320043.html
[8] https://www.polymerhq.io/blog/internet-archive-breach-what-we-know-so-far/
[9] https://www.wfmz.com/partners/afp/internet-archive-reels-from-catastrophic-cyberattack-data-breach/article_b35021ba-441d-5681-9308-d9542474457d.html
[10] https://www.heise.de/news/Cyberangriff-auf-Internet-Archive-offenbar-von-russischen-Hackern-durchgefuehrt-9983833.html
[11] https://9to5mac.com/2024/10/15/internet-archive-data-breach-exposes-31m-users-under-ddos-attack/