Introduction

The Internet Archive recently faced significant disruptions due to a series of distributed denial-of-service (DDoS) attacks by the Russian hacker group “SN_BLACKMETA.” These attacks aimed to highlight the situation of the Palestinian civilian population amidst the ongoing Gaza conflict. The incident led to a temporary shutdown of the Archive’s services to address security vulnerabilities.

Description

Most of Internet Archive’s services have resumed following a series of distributed denial-of-service (DDoS) attacks carried out by the Russian hacker group “SN_BLACKMETA.” The group claimed responsibility for the attacks to draw attention to the plight of the Palestinian civilian population amid the ongoing Gaza conflict. These attacks compromised the identifying information of over 31 million user accounts [1], including email addresses and encrypted passwords [1] [3]. In response to the breach, the organization temporarily took its entire website offline to enhance security measures [1].

As of October 18 [7], key services [1] [2] [3] [4] [7], including the Wayback Machine [1] [2] [3] [4] [5] [7] [8], Archive-It [1] [2] [3] [4] [5] [6] [7] [8] [9], and limited crawling activities for the National Library of the United States [4], are operational again [4] [7], although many other services remain offline for security reasons [4]. The Wayback Machine has resumed operations in a provisional [9], read-only manner [1] [2] [3] [5] [7] [8] [9], allowing users to access approximately 916 billion archived web pages [5], although a substantial portion of the Archive’s data—encompassing various media types such as books, software [2], images [2], videos [2] [6], and audio—remains unavailable [2]. Notably, access to older scans of obscure video game magazines has been particularly affected.

Email [1] [3] [8], blog [7] [8], helpdesk [7] [8], and social media communications are also back online [7] [8]. Despite being aware of the breach for two weeks [6], the Internet Archive has not rotated many exposed API keys [6], including a Zendesk token that grants access to over 800,000 support tickets [6]. The team is actively working to address system vulnerabilities and securely restore additional services, some of which may initially be available in read-only mode [7], as full restoration will take more time [1] [2] [7] [8]. A cautious and deliberate approach is being taken to rebuild and enhance security measures [8], prioritizing a stronger and more secure online presence for the Internet Archive.

This incident coincided with Google’s decision to integrate archive website links into the Wayback Machine [5], further enhancing user access to previous versions of websites and archived pages [5].

Conclusion

The DDoS attacks on the Internet Archive underscore the vulnerabilities faced by digital repositories in the current cyber landscape. While the organization has made significant strides in restoring key services, the breach highlights the need for ongoing vigilance and robust security measures. The Internet Archive’s efforts to rebuild and enhance its security infrastructure will be crucial in ensuring the long-term protection of its vast digital resources. The integration of archive links by Google into the Wayback Machine represents a positive development, potentially increasing accessibility and resilience against future disruptions.

References

[1] https://www.kcsm.org/npr-news/2024-10-20/hackers-steal-information-from-31-million-internet-archive-users
[2] https://www.theverge.com/2024/10/20/24274826/internet-archive-hackers-replying-zendesk-tickets
[3] https://www.npr.org/2024/10/20/nx-s1-5159000/internet-archive-hack-leak-wayback-machine
[4] https://www.heise.de/en/news/Cyber-attack-on-Internet-Archive-apparently-carried-out-by-Russian-hackers-9983840.html
[5] https://yourstory.com/2024/06/internet-archive-ddos-breach-31-million-users
[6] https://it.slashdot.org/story/24/10/19/0510225/internet-archive-services-resume-as-they-promise-stronger-more-secure-return
[7] https://www.infosecurity-magazine.com/news/internet-archive-wayback-machine/
[8] https://blog.archive.org/2024/10/18/internet-archive-services-update-2024-10-17/
[9] https://www.darkreading.com/cyberattacks-data-breaches/internet-archive-slowly-revives-ddos-barrage