Activists Engaged in Hacking Assert Responsibility for Disrupting Internet Archive Services
On October 8, it became evident that something was amiss. "DDOS attack on a Tuesday? Last time it was a Monday," remarked Internet Archive founder Brewster Kahle in a post on X. Troubles escalated on Tuesday, with the site becoming inaccessible and being defaced. Visiting the site triggered a JavaScript alert.
"Ever thought the Internet Archive operates on a shoestring budget and is perpetually teetering on the edge of a disastrous security breach? Well, guess what just happened. Check out 31 million of you on HIBP!" the alert read.
"HIBP" refers to "Have I Been Pwned," a website where users can verify whether their email addresses have been leaked in data breaches. According to a post on X, HIBP indicated that approximately 54% of the emails involved in the Internet Archive (IA) breach had previously been included in their database before this most recent incident.
Troy Hunt, HIBP's founder, disclosed to BleepingComputer that hackers handed over the IA's authentication database to him 10 days prior. The SQL file contained email addresses, screen names, timestamps for password changes, and Bcrypt-hashed passwords of the IA's registered users.
In a post on X, Hunt outlined the sequence of events.
Subsequently, Kahle addressed the situation on October 9. "We're aware of: DDOS attack, held off so far; website defacement via JavaScript library; breach of usernames, emails, and salted, encrypted passwords," Kahle stated in a post on X. "Our actions: Disabled the JavaScript library, scrubbing systems, security upgrades."
The Archive went offline again the following morning. "Apologies, but the DDOS attackers are back and knocked out archive.org and openlibrary.org," Kahle shared in a follow-up post on X. "The Archive is being prudent, prioritizing data security over service availability."
A hacktivist group calling itself SN_BLACKMETA claimed responsibility for the hack on X and Telegram. "They are under attack because the archive originates from the USA, and as we all know, this hypocritical and detestable government supports the atrocities committed by the criminal state of 'Israel,'" the group stated on X when queried about their motives.
SN_BLACKMETA provided further explanation in a later deleted post on X. Archivist Jason Scott, an IA employee, captured the post and disseminated it. "Everyone hails this organization as 'non-profit,' but if its origins are indeed in the United States, as we suspect, then every 'free' service it provides drains countless lives. Foreign nations are not spreading its values beyond their borders. Many tender-hearted children are crying in the comments, and most of the comments are from a group of Zionist bots and phony accounts," the post read.
SN_BLACKMETA claimed responsibility for a six-day DDoS attack on the Archive in May as well. "Since the attacks commenced on Sunday, the DDoS assault has been bombarding the system with tens of thousands of fake request messages per second. The origin of the attack remains undetermined," Chris Freeland, Director of Library Services at the Archive, stated in a post about the attacks back in May.
SN_BLACKMETA debuted their Telegram channel on November 23 and has been associated with several other attacks, including a six-day DDoS attack on Arab financial institutions and various attacks on Israeli tech companies in the spring.
The Internet Archive has had a challenging year. In July, the site went down due to "environmental factors" during a severe heat wave in the United States. Last month, they lost their appeal in the lawsuit initiated by Hachette and other major publishers against them.
"If our supporters worldwide find this latest incident unsettling, then they should be seriously concerned about the Publishing and Music industries' plans," Kahle expressed in a post about the DDoS attack in May. "I believe they are aiming to dismantle this library entirely and undermine all libraries globally. But just as we're fending off the DDoS attack, we are grateful for the support in countering this unfair litigation against our library and others."
The Internet Archive failed to meet Gizmodo's request for comment.
"As we move forward, it's crucial for the Internet Archive to invest in advanced tech and technology solutions to bolster its security and prevent future breaches."
"In light of the recent events, many are questioning the future of the Internet Archive and its role in the digital age, with some calling for more robust tech and security measures."
