As the Internet Archive still struggles to recover from a devastating cyberattack last month — there’s good and bad news.
The good? More of the site’s services are now back online.
The bad? Hackers now have access to the site’s internal support email system.
Also: Why you don’t need to pay for antivirus software anymore
In the latest update to its service availability, the Internet Archive reported that its Archive-It service and blog page have returned. Archive-It is a subscription-based service that enables organizations to build large collections of videos, social media posts, and other digital content, and the blog page lets the site’s owners communicate with its vast audience. Other services have also been restored, following the resumption of the Wayback Machine in read-only mode a week ago.
“The Wayback Machine, Archive-It, scanning, and national library crawls have resumed, as well as email, blog, helpdesk, and social media communications,” Internet Archive founder Brewster Kahle said in a blog post on Friday. “Our team is working around the clock across time zones to bring other services back online. In [the] coming days, more services will resume, some starting in read-only mode as full restoration will take more time.”
However, the email and helpdesk areas remain problematic as hackers seem to have infiltrated those services.
Also: The NSA advises you to turn off your phone once a week – here’s why
As described by Bleeping Computer, this latest breach saw the theft of GitLab authentication tokens, giving the attackers access to the site’s Zendesk email support platform. Several people who had previously sent support emails to the archive received the following response from the attackers as shown in a Reddit forum:
It’s dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets. As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to info@archive.org since 2018. Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine your data is now in the hands of some random guy. If not me, it’d be someone else.
Some people who chimed in on Reddit blamed the Internet Archive for not changing its API keys in the wake of the initial attacks, and others sympathized with the site. As a non-profit organization devoted to sharing valuable historical information, the Internet Archive has a limited budget. That means cybersecurity may get short shrift in the overall running of things.
Also: Cash App users have less than a month to claim up to a $2,500 settlement payout
“In a third attack on the Internet Archive this month, hackers are exploiting access tokens to the organization’s Zendesk implementation,” said Ev Kontsevoy, CEO of Teleport. “This means they now have access to more than 800 support tickets. While many have been critical of Internet Archive for not rotating API keys, it can be challenging in the aftermath of a breach for organizations to pick through the blast radius of an attack to prevent further exploitation.”
–>
The chain of events started last month when two attacks hit the Internet Archive. One was a data breach that compromised 31 million user accounts. Here, attackers stole site users’ usernames, email addresses, and encrypted passwords. Exploiting a JavaScript library to deface the archive, the attackers displayed the following message to visitors: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened.”
Also: If you’re a Marriott customer, FTC says the breach-plagued hotel chain owes you
Another incident occurred around the same time — a pro-Palestinian group named SN_BlackMeta launched a DDoS (Distributed Denial of Service) attack against the archive. Here, the hackers said they hit the site “because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of ‘Israel’.”
The irony with the DDoS attack is that the archive is a non-profit and non-government organization with no ties to or affiliation with the US government.
Also: The best VPN services of 2024: Expert tested and reviewed
As a result of the attacks, the archive was forced to go offline and is only now slowly starting to come back one service at a time.
“Last week, along with a DDOS attack and exposure of patron email addresses and encrypted passwords, the Internet Archive’s website javascript was defaced, leading us to bring the site down to access and improve our security,” Kahle said in his Friday blog post. “The stored data of the Internet Archive is safe and we are working on resuming services safely. This new reality requires heightened attention to cyber security and we are responding. We apologize for the impact of these library services being unavailable.”