The Internet Archive, known for its Wayback Machine that captures billions of web pages from the past, is currently dealing with serious challenges. It has faced a major distributed denial of service (DDoS) attack on its infrastructure and a breach affecting 31 million users.
On October 9, visitors to the site encountered a pop-up notice created by the attackers. They claimed, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!” The owner of HaveIBeenPwned, Troy Hunt, confirmed that he received a 6.4GB database from the hackers, which he’ll add to his service that helps people check if their data has been compromised.
By the early hours of October 10, Brewster Kahle, the Internet Archive’s founder, announced that they had pushed back against the DDoS attack for the time being. However, he revealed that the breach compromised usernames, email addresses, and hashed passwords. As of this writing, the Internet Archive’s website remains inaccessible. Kahle updated the public later, saying, “Sorry, but DDoS folks are back and knocked archive.org and openlibrary.org offline.” He emphasized the organization’s priority on data safety over service availability.
The hackers, calling themselves SN_BlackMeta, are a hacktivist group promoting pro-Palestinian causes. They claimed on social media, “The Internet Archive has and is suffering from a devastating attack,” stating they had consistently targeted the organization for several hours. Their justification is tied to political sentiments against the US government’s stance on conflicts involving Israel and Palestine. It’s important to note, though, that while the archive is based in the US, it operates as a non-profit and is not affiliated with the government.
Jake Moore from ESET noted that although it’s generally difficult to access historical data like this, this breach is unusual. The stolen information includes personal details, but at least the passwords are encrypted. He cautioned users to ensure their passwords are unique, as encrypted ones can still be vulnerable if reused.
Donny Chony from Nexusguard highlighted the growing trend of politically motivated DDoS attacks. He remarked that the landscape is changing, with hacktivists now targeting a wider range of organizations, not just businesses. A report from Nexusguard indicates that while the overall frequency of DDoS attacks has decreased, the size of these attacks has significantly increased.
With ongoing global tensions, particularly in the Middle East, we may see this trend continue, impacting critical infrastructure and the daily lives of many people. Chony advocates for better regulations in the industry to establish stronger DDoS prevention measures.