The ongoing cyberattack against the Internet Archive

The Internet Archive hasn’t been having a great time of it lately. Between several cyberattacks since the beginning of October and losing a major legal battle over its book digitization project’s infringement of copyright law, the digital library project’s future seems to be on shaky ground. 

Let’s look at the data breaches and what went down. 

It all began with a pop-up message

If you visited the Internet Archive on October 9, you were more than likely hit with a JavaScript pop-up gleefully stating:

“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”

HIBP refers to Have I Been Pwned, a site archiving data breaches where anyone can check if they’ve been a victim. Site owner Troy Hunt then confirmed that a breach had occurred in September, with 31 million unique email addresses and related usernames, bcrypt password hashes, and other system data compromised.

Besides the data breach, the Internet Archive had also been experiencing a series of DDoS attacks. The website was then taken offline, though site owners confirmed that all its data was safe. After a few days, it was back up again, but in a read-only capacity. 

Targeting Zendesk

Two weeks after the first breach, the Internet Archive was targeted via its Zendesk email support platform. Numerous people who had emailed the site for support in the past received an email from the hacker, saying: 

“It’s dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.

As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to info@archive.org since 2018.”

According to BleepingComputer, these exposed GitLab authentication tokens were part of the data stolen from the site in the initial breach.

Why target the Internet Archive?

So, what was the point of this attack? While there is no justifiable reason for a data breach of any kind, many have been scratching their heads over why anyone would take down an Internet resource that’s useful to just about everyone. While other breaches tend to target large organizations or government agencies, the Internet Archive is a non-profit with the goal of preserving Internet history.

Although a group called SN-Blackmeta claimed to be behind the DDoS attacks, we don’t yet know who carried out the initial data breach or the Zendesk breach. As for the reasoning, Jason Scott, an archivist and software curator at the Internet Archive, gave his perspective on Mastodon, saying: “according to their twitter, they’re doing it just to do it. Just because they can. No statement, no idea, no demands.”

This aligns with BleepingComputer’s write-up, which notes that while many threat actors perform data breaches for financial gain or political reasons, others are simply collectors of data breaches. A breach of this level will most likely strengthen the hacker’s reputation among their peers and community.

Up again for now

After a prolonged period of going online and offline again, the Internet Archive now seems to be back up and running. Hopefully, the site owners will continue to address the vulnerabilities that allowed hackers to take over in the first place.
