What happened to Internet Archive?

You know how people often say that nothing really gets deleted from the internet? There are good reasons for that. For one, data can be saved on many different devices, so even if you delete something on your phone or computer, it might still exist somewhere else. Plus, people often take screenshots or record content, which means it can be saved and shared even after it’s been taken down. A lot of data is also stored on remote servers, which makes it hard to fully erase anything.

One significant player in this realm is the Internet Archive (IA), a nonprofit digital library that preserves and offers free access to a ton of old digital content. However, this organization faced a major security crisis recently. In October, they experienced several data breaches, with the most alarming one occurring on October 20, marking the third cyberattack in just a few weeks.

The trouble started on October 9, when hackers accessed the IA’s systems and stole source code and personal information from around 31 million users. The situation escalated further with another attack in the middle of the month. Users on the IA website began posting screenshots showing that the site’s JavaScript had been tampered with, displaying a message that read, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on [Have I Been Pwned].”

The website “Have I Been Pwned” is a handy tool that lets you check if your account info has been leaked in a data breach.

The hackers managed to break in using something called tokens, which are like digital keys. Unfortunately, after the first breach, those keys weren’t replaced, making it easier for the hackers to strike again. They gained access to support tickets containing a wealth of personal information about users.

In a blog post, IA explained, “Hackers disclosed archive.org email and encrypted passwords to a transparency website, and also sent emails to patrons by exploiting a third-party helpdesk system.”

So, what motivated these attacks? It appears to be about reputation within the hacker community. When hackers target a well-known organization, they boost their credibility among their peers. The Internet Archive is a prime target because it’s widely recognized and attracts a lot of attention, which it certainly did.

After these incidents, Brewster Kahle, the founder of the Internet Archive, stated that the small team was working hard to enhance their security measures. As of now, some parts of the website are still offline while they address the issues.

In their updates, the IA emphasized that keeping their data and users safe is their top priority. They mentioned, “As the security incident is analyzed and contained by our team, we are relaunching services as defenses are strengthened. These efforts are focused on reinforcing firewall systems and further protecting the data stores.” They also showed solidarity with other libraries that have faced similar attacks, including the British Library and various public libraries across Canada and the U.S.

According to Mashable, a group called SN-Blackmeta claimed responsibility for the Distributed Denial of Service (DDoS) attacks on the site, but the hacker behind the data breach remains anonymous. Mashable even communicated with this hacker through the Internet Archive’s helpdesk service, Zendesk. The hacker revealed they had access to all 800,000 support tickets sent to the IA since 2018.

The hacker expressed frustration, saying, “It’s dispiriting to see that even after being made aware of the breach two weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets.”

In simple terms, this means that even after the first incident, the IA didn’t take enough steps to protect their data, leaving them vulnerable to further attacks.