in

The Internet Archive is finally mostly back online after a series of cyberattacks

Andriy Onufriyenko/Getty Images

The Internet Archive has finally recovered from a devastating series of cyberattacks last month with all its main sites and services back up and running. Only a few ancillary features are still down, but those should be coming back soon.

Also: Apple will pay you up to $1 million if you can hack into Apple Intelligence servers

In Monday’s update to the blog post, Chris Freeland, Director of Library Services at Internet Archive, reported that the key archive page is up, along with its Wayback Machine, Open Library, Archive-It service, Vault, and the scholarly archive site. On the archive page, most of the key services seem to be available once again, including publicly available texts, TV news search and borrowing, audio files, moving images, institutional uploads, institutional web archiving, and access via the API.

<!–> The Internet Archive
Screenshot by Lance Whitney/ZDNET

“More services and features coming online soon,” Freeland said in the blog post. “Services may be interrupted for ongoing maintenance. Thank you for your patience and ongoing support.”

Though the Internet Archive may appear on the surface as just one service, it actually provides a variety of resources. The main archive page offers free access to digital artifacts of the past, including software, music, movies, TV shows, and books. The Open Library is stocked with a huge catalog of electronic books you can read and borrow. Archive-It is a subscription-based service that helps organizations build large collections of videos, social media posts, and other digital content. The Vault is a digital repository and preservation service for libraries and other organizations.

Also: Microsoft’s Windows 11 24H2 bug patch fixes some problems – and creates new ones

While all of those sites and services were affected last month by a series of cyberattacks, the chain of events started in September when two attacks hit the Internet Archive.

One was a data breach that compromised 31 million user accounts. Cyber attackers stole site users’ usernames, email addresses, and encrypted passwords. Exploiting a JavaScript library to deface the archive, the attackers displayed the following message to visitors: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened.”

Also: Why you should power off your phone at least once a week – according to the NSA

Another incident occurred around the same time – a pro-Palestinian group named SN_BlackMeta launched a DDoS (Distributed Denial of Service) attack against the archive. Here, the hackers said they hit the site “because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of ‘Israel’.”

The irony with the DDoS attack is that the archive is a non-profit and non-government organization with no ties to or affiliation with the US government.

Also: 7 essential password rules to follow in 2024, according to security experts

The third incident saw the theft of GitLab authentication tokens, as described by Bleeping Computer, giving the attackers access to the site’s email support platform. Several people who had previously sent support emails to the archive received the following response from the attackers as shown in a Reddit forum:

It’s dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets. As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to info@archive.org since 2018. Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine your data is now in the hands of some random guy. If not me, it’d be someone else.

Some people who chimed in on Reddit blamed the Internet Archive for not changing its API keys in the wake of the initial attacks, and others sympathized with the site. As a non-profit organization devoted to sharing valuable historical information, the Internet Archive has a limited budget. That means cybersecurity may get short shrift in the overall running of things.

Also: Cash App users have less than a month to claim up to a $2,500 settlement payout

“In a third attack on the Internet Archive this month, hackers are exploiting access tokens to the organization’s Zendesk implementation,” said Ev Kontsevoy, CEO of Teleport. “This means they now have access to more than 800 support tickets. While many have been critical of Internet Archive for not rotating API keys, it can be challenging in the aftermath of a breach for organizations to pick through the blast radius of an attack to prevent further exploitation.”

–>

As a result of the attacks, the archive was forced to go offline and has slowly come back one service at a time.

“Along with a DDOS attack and exposure of patron email addresses and encrypted passwords, the Internet Archive’s website javascript was defaced, leading us to bring the site down to access and improve our security,” Kahle said in a blog post on October 18. “The stored data of the Internet Archive is safe and we are working on resuming services safely. This new reality requires heightened attention to cyber security and we are responding. We apologize for the impact of these library services being unavailable.”


Source: Information Technologies - zdnet.com