The not-for-profit digital library Internet Archive has been taken offline by its operators after a targeted attack, involving both a data breach and a series of DDoS attacks, cast doubt on the security of its users' data.
A taunting JavaScript alert was the first sign something was amiss, splashed across the Wayback Machine website.
Concerned users then turned to the “Have I Been Pwned” data breach notification website, otherwise known as HIBP, to confirm whether the breach was genuine.
The website monitors data breach uploads around the web, matching email addresses to alert users when their data has been compromised and shared.
Troy Hunt, creator of the HIBP website, told tech news website BleepingComputer that he had received the Internet Archive’s 6.4-gigabyte authentication database 10 days earlier.
It contains the email addresses, screen names and bcrypt-hashed passwords of 31 million unique users, many of whom were already subscribed to the HIBP notification service. (Bcrypt is a password hash, not encryption: the hashes cannot be decrypted, but they can be attacked by guessing passwords offline, which is why the cost factor matters.)
“Hacking the past is usually technically impossible but this data breach is the closest we may ever come to it,” ESET global cybersecurity advisor Jake Moore said.
“The stolen dataset includes personal information but at least the stolen passwords are encrypted.”
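A bcrypt hash string carries its own cost factor, so the first thing a defender (or an attacker) does with a dump like this is read the cost out of each record to judge how expensive offline guessing will be. The parser below is an added example for this page, not code from the Internet Archive, HIBP or the article; the dump lines are constructed sample data in the common `email:hash` layout, and the hash values are format-valid strings used only to exercise the parser (nothing here verifies a password, which would need a bcrypt library).

```python
import re
from collections import Counter

# bcrypt's modular-crypt string: $<ident>$<cost>$<22-char salt><31-char digest>,
# salt and digest in bcrypt's own base64 alphabet (./A-Za-z0-9).
BCRYPT_RE = re.compile(
    r"^\$(?P<ident>2[abxy]?)\$(?P<cost>\d{2})\$"
    r"(?P<salt>[./A-Za-z0-9]{22})(?P<digest>[./A-Za-z0-9]{31})$"
)


def parse_bcrypt(hash_str):
    """Split a bcrypt string into its fields; raise ValueError if it is not bcrypt."""
    m = BCRYPT_RE.match(hash_str.strip())
    if m is None:
        raise ValueError("not a bcrypt modular-crypt string")
    cost = int(m["cost"])
    if not 4 <= cost <= 31:  # the range bcrypt implementations accept
        raise ValueError(f"cost {cost} out of range")
    return {
        "ident": m["ident"],
        "cost": cost,
        "rounds": 2 ** cost,  # key-setup iterations per guess: cost 10 = 1024, 12 = 4096
        "salt": m["salt"],
        "digest": m["digest"],
    }


# Constructed sample dump (made-up addresses; hash strings are format-valid only).
SAMPLE_DUMP = [
    "alice@example.com:$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy",
    "bob@example.com:$2b$12$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy",
    "carol@example.com:$2y$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy",
    "dave@example.com:$1$saltsalt$qJH7.N4xYta3aEG/dfqo/0",  # md5-crypt, not bcrypt
    "erin@example.com:$2a$10$truncated",                      # damaged record
]


def triage_dump(lines):
    """Count records per cost factor and records that are not well-formed bcrypt."""
    by_cost = Counter()
    malformed = 0
    for line in lines:
        _, _, hash_str = line.partition(":")
        try:
            by_cost[parse_bcrypt(hash_str)["cost"]] += 1
        except ValueError:
            malformed += 1
    return {"by_cost": dict(by_cost), "malformed": malformed}


if __name__ == "__main__":
    print(triage_dump(SAMPLE_DUMP))
```

A dump where most records sit at cost 10 or below is far cheaper to attack than one at cost 12 or more, since every increment doubles the work per guess; the per-cost counts are what you would report alongside "the passwords were hashed".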
The Internet Archive is an American-based not-for-profit digital library founded in 1996. The website offers free and open access to collections of digitised materials including websites, software applications, music, audiovisual, and print materials. The Archive also advocates for a free and open Internet with a commitment to providing “universal access to all knowledge”.
As of September 2024, The Archive held more than 42.1 million print materials, 13 million videos, 1.2 million software programs, 14 million audio files, 5 million images, 272,660 concerts, and over 866 billion web pages in its Wayback Machine.
DDoS attacks continue
Yesterday, Internet Archive founder Brewster Kahle took to X to acknowledge that the data breach and DDoS attack had occurred.
Initially, Kahle stated the organisation had fended off the DDoS attack, disabled the JavaScript library behind the defacement alert, and was scrubbing its systems and upgrading its security.
Just hours later, he returned to announce that both Archive.org and Openlibrary.org had been taken offline altogether after another DDoS attack.
Sorry, but DDOS folks are back and knocked https://t.co/Hk02WjumkL and https://t.co/Xb2ku5dgZs offline. @internetarchive is being cautious and prioritizing keeping data safe at the expense of service availability. Will share more as we know it.
— Brewster Kahle (@brewster_kahle) October 10, 2024
DDoS, or distributed denial of service, attacks disable websites by bombarding them with requests from a large number of devices at once, saturating bandwidth and overwhelming servers until the site can no longer respond to legitimate visitors.
They require no access to the target's systems. Instead, attackers typically recruit the devices of uninvolved users by infecting them with malware and herding them into a botnet.
The infected devices, which could be anything from a smart fridge to an internet-connected e-reader, then become part of the network used to flood the target with requests. Because the traffic arrives from many sources, no single device needs to send enough to look abnormal on its own, which is what makes the attack hard to filter.
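The last point is the practical one for whoever is watching the logs: per-source rate limiting catches one noisy host but not a flood spread across thousands of sources, so detection needs an aggregate view as well. The script below is an added example for this page, not the Internet Archive's tooling; it parses access-log lines in the standard combined format and reports both signals over constructed sample traffic (the addresses, paths and thresholds are assumptions, not values from any real incident).

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined Log Format as written by Apache/nginx with the default "combined" setting.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line; return a dict, or None if it is not well formed."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def detect_floods(lines, window=10, per_ip_limit=50, global_limit=200):
    """Bucket requests into fixed windows of `window` seconds and report two signals.

    per_ip:  sources exceeding per_ip_limit requests in one window (one noisy host,
             which edge rate limiting can handle on its own);
    global:  windows whose total exceeds global_limit, with the number of distinct
             sources, because a distributed flood is a large total spread across many
             sources that each stay under the per-IP limit.
    The thresholds are illustrative assumptions, not values tuned for a real site.
    """
    totals = Counter()
    per_ip = defaultdict(Counter)
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # malformed or truncated lines are counted, not silently dropped
            continue
        bucket = int(rec["ts"].timestamp()) // window
        totals[bucket] += 1
        per_ip[bucket][rec["ip"]] += 1

    per_ip_hits = [
        (ip, bucket, n)
        for bucket, ips in sorted(per_ip.items())
        for ip, n in ips.most_common()
        if n > per_ip_limit
    ]
    global_hits = [
        (bucket, total, len(per_ip[bucket]))
        for bucket, total in sorted(totals.items())
        if total > global_limit
    ]
    return {"per_ip": per_ip_hits, "global": global_hits, "skipped": skipped}


def make_sample_log():
    """Constructed synthetic traffic (documentation-range addresses), all within one 10 s window."""
    def entry(ip, sec, path="/web/", ua="Mozilla/5.0"):
        return (f'{ip} - - [09/Oct/2024:14:00:{sec:02d} +0000] '
                f'"GET {path} HTTP/1.1" 200 512 "-" "{ua}"')
    lines = [entry("198.51.100.10", sec) for sec in (1, 5, 9)]   # one ordinary visitor
    lines += [entry("203.0.113.7", 3, ua="python-requests/2.31") for _ in range(60)]  # single noisy host
    lines += [entry(f"192.0.2.{i}", 4) for i in range(250)]       # 250 sources, one request each
    lines.append("garbled line that never came from a web server")  # damaged record
    return lines


def analyse_sample():
    return detect_floods(make_sample_log())


if __name__ == "__main__":
    print(analyse_sample())
```

On the sample, the per-IP check flags only 203.0.113.7, while the 250 one-request sources are invisible to it and show up only in the global window count with its distinct-source figure. That second number is what distinguishes a distributed attack from a single misbehaving client and tells the operator that blocking individual addresses will not be enough.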
Politically motivated "hacktivists"
Despite the timing, it is unlikely that the data breach and the DDoS attacks originate from the same threat actors.
“Distributed Denial-of-Service attacks often suggest political motives, and the attack on the Internet Archive is no exception,” Nexusguard director Donny Chong said.
“While the identity behind the data breach exposing 31 million users remains unclear, the pro-Palestinian hacktivist group Black Meta has claimed responsibility for the DDoS attacks that took down The Internet Archive.”
Black Meta posted to X to claim credit for the attack, insisting that the Internet Archive is owned by the US government and that the attack was retaliation for its support of Israel.
The response from X users was entirely one-sided, criticising the group for attacking a not-for-profit that directly supports open access to information and the preservation of knowledge.
Really? Looks like you are lashing out at the wrong ones. The internet archive is not a gov organization, but a non-profit. And afaik the only ones preserving web history neutrally.
— Andreas Finger (@mediafinger) October 9, 2024
“I understand protesting, but what you are doing is a crime,” commented another user.
“Congrats, you just took off one of the most materially valuable pieces of information on this planet for a false cause,” said another, “You want awareness for Palestine? Where do you think all the journalism on war crimes goes after it’s scrubbed from the internet?
“This ain’t it chief.”
At present, the Internet Archive website remains offline. It remains to be seen how long the organisation will need to fend off the ongoing attacks and restore its services.