The Internet Archive, the non-profit digital library and operator of the popular Wayback Machine that holds a repository of billions of captures of web pages as they appeared in the past, has come under sustained cyber attack in the form of a significant distributed denial of service (DDoS) attack on its infrastructure, and a major breach that may have seen the data of 31 million users stolen.
Visitors to the organisation’s website were greeted by a JavaScript pop-up created by the attackers on the afternoon and evening of Wednesday 9 October. In their message, the hackers behind the attack said: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP! [HaveIBeenPwned]”
According to Bleeping Computer, HaveIBeenPwned owner Troy Hunt has confirmed the attackers have passed a 6.4GB database to him, which is in the process of being added to the HaveIBeenPwned service.
As of 2am BST on Thursday 10 October, Internet Archive founder Brewster Kahle said the DDoS attack had been “fended off for now” and revealed the organisation had its website defaced. He also confirmed there had been a breach of usernames, email addresses, and salted and hashed passwords.
However, at the time of writing, the US-based organisation’s website remains inaccessible on a public internet connection, and at approximately 12pm BST, Kahle said: “Sorry, but DDoS folks are back and knocked archive.org and openlibrary.org offline.
“@Internetarchive is being cautious and prioritising keeping data safe at the expense of service availability,” he said via his X account. “Will share more as we know it.”
Meanwhile, the group responsible for the attack has identified itself as SN_BlackMeta, a hacktivist operation that supports pro-Palestinian causes.
In statements posted to X, the collective said: “The Internet Archive has and is [sic] suffering from a devastating attack. We have been launching several highly successful attacks for five long hours and to this moment, all their systems are completely down.”
Responding to questions online, they added: “They are under attack because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of Israel.”
This is disinformation. Although the Internet Archive is US-based, it is a non-profit organisation and has no connection to the US government, regardless of Washington’s stance on the wars in Gaza and Lebanon.
“Hacking the past is usually technically impossible but this data breach is the closest we may ever come to it,” said Jake Moore, ESET global cyber security advisor. “The stolen dataset includes personal information but at least the stolen passwords are encrypted. However, it’s a good reminder to make sure all your passwords are unique as even encrypted passwords can be cross-referenced against previous uses of them.
“HaveIBeenPwned is a fantastic free service that can be used after a breach. It securely contains millions of breached usernames and passwords for people to safely check their credentials against the database to check if they have ever been caught up in a breach. If you find your data in any known breaches, it would be a good idea to change those passwords and implement multi-factor authentication.”
Political motive
Donny Chong, director at Nexusguard, a supplier of anti-DDoS protection, said it was not unusual for DDoS attacks to have political motives, but that the landscape surrounding them was evolving rapidly.
“We’re witnessing a concerning shift where it’s not just businesses or traditional critical national infrastructure at risk of DDoS attacks,” he said. “Hacktivists are launching more powerful and destructive attacks that affect a broader range of people.”
He cited a recent report compiled by Nexusguard that reveals that while DDoS attack frequency is well down this year on 2023, average attack sizes have more than trebled in the same timeframe.
“As geopolitical tensions continue to escalate, especially with the ongoing conflict in the Middle East, we are likely to see even more DDoS attacks on critical infrastructure that disrupt the lives of everyday people,” said Chong, who also argued for better industry regulation to set improved standards for DDoS prevention.