There’s this idea that nothing gets deleted on the internet. There are reasons for this: data is stored on multiple devices, you can recover deleted data, people will screenshot and record things, and data is stored on remote servers somewhere. Another reason? The Internet Archive (IA), a non-profit digital library that offers free access to digitized content from the past. Unfortunately, that organization suffered a number of data breaches in October.
In fact, Oct. 20 was the third time the archive was hit by a cyberattack that month. The first attack was on Oct. 9, when hackers stole source code and personal info from 31 million users. Then another attack came in the middle of October.
The attacks came to light after IA visitors shared screenshots of how the JavaScript on the site had been defaced, with a message that said: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on [Have I Been Pwned].”
Have I Been Pwned is a website that tracks accounts that may have been leaked publicly after a data breach.
The hackers used tokens, or digital keys, to break into the system. Unfortunately, the tokens were not replaced after the first attack, so the attackers were able to get in again. This time the hackers got access to support tickets that had reams of personal data attached.
“Hackers disclosed archive.org email and encrypted passwords to a transparency website, and also sent emails to patrons by exploiting a 3rd party helpdesk system,” IA said in a blog post on Oct. 22.
As to why the attack happened, it seems to be a matter of reputation among the hacker community, or at least that’s the working theory. When a hacker gets access to a high-profile target, they gain more credibility in the hacker community. The Internet Archive is an attractive target because it’s culturally visible and an attack on it is likely to attract a lot of attention, which it did.
After the breaches, Internet Archive founder Brewster Kahle said the shoestring operation was working on improving its security. As of this writing, portions of the website are still offline.
“The safety and integrity of the Internet Archive’s data and patrons remain our top priorities. As the security incident is analyzed and contained by our team, we are relaunching services as defenses are strengthened. These efforts are focused on reinforcing firewall systems and further protecting the data stores,” IA said.
The IA said it stood with other libraries that faced “similar attacks,” including the British Library, Seattle Public Library, Toronto Public Library, and Calgary Public Library.
According to Mashable, a group known as SN-Blackmeta took responsibility for the DDoS attacks on the site, but the hacker behind the data breach itself remains anonymous. Mashable said it talked to the hacker through Internet Archive’s Zendesk, which is a service used by companies to respond to support questions. On Oct. 10, Mashable said it got an email through that service.
The attacker told Mashable they had access to all 800,000 support tickets sent to the site since 2018.
“It’s dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets,” the hacker wrote.