Internet Archive Cyberattack Saga Continues
The nonprofit suffered a series of successive cyberattacks, and it has yet to fully recover.
The Internet Archive (IA) is under siege. Over the course of October, the nonprofit digital library was hit with a series of cyberattacks. Its services, including the Wayback Machine digital archive, have been intermittently unavailable as the nonprofit wades through the wave of attacks and its response.
How were these attacks executed, and what do they mean for the future of the Internet Archive?
The Attacks
Hackers launched a series of different cyberattacks at the Internet Archive that started at the beginning of October, Mashable reports. The attacks appear to be perpetrated by more than one group.
“Experiencing one breach and having [that] get widely publicized means that every attacker group under the sun is going to try to take advantage of that,” Matt Radolec, vice president, incident response and cloud operations at data security company Varonis, tells InformationWeek.
IA was hit with a data breach, executed by a threat actor that took advantage of an exposed GitLab configuration file, BleepingComputer reports. That breach impacted more than 30 million IA users, with email addresses and encrypted passwords stolen. If that weren’t a big enough blow, the nonprofit was then hit with a distributed denial-of-service (DDoS) attack.
InformationWeek reached out to IA for an update on the attacks and recovery. The response sent to the inquiry, as well as many others, did not come from the nonprofit. IA’s Zendesk support system fell prey to hackers, and they used that system access to send a message:
“It's dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.
As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to [email protected] since 2018.
Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine -- your data is now in the hands of some random guy. If not me, it'd be someone else.
Here's hoping that they'll get their shit together now.”
On Oct. 22, several IA services went offline again. As of Oct. 23, the Wayback Machine, IA blog, and Archive-It were available, but some IA services remained offline, according to the nonprofit’s homepage.
The IA team has been working to resolve the nonprofit’s security woes. “As the security incident is analyzed and contained by our team, we are relaunching services as defenses are strengthened. These efforts are focused on reinforcing firewall systems and further protecting the data stores,” according to a blog post published on Oct. 21.
Potential Motivations
IA is a nonprofit with a limited budget. What could hackers gain from attacking it?
A lack of resources can make nonprofits vulnerable to opportunistic threat actors. While IA may not have the means to pay a hefty ransom demand, there is still a potential for profit when data is stolen. “Any information that's stolen can have some value. You see a number of accounts were stolen, and all those can be [sold] potentially,” says Steve Winterfeld, advisory CISO at Akamai Technologies, a cloud computing, security, and content delivery company.
Political motives are also a possibility. SN_BlackMeta, a group allegedly linked with pro-Palestine aims, claimed responsibility for the DDoS attack, according to BleepingComputer.
IA’s ongoing battle on multiple fronts has drawn a lot of attention, which could be the ultimate goal for a hacker. “I do think in this case this is a hack more for street cred,” says Chris Hickman, CSO of Keyfactor, an identity-first security company. Hackers could leverage the notoriety from a successful attack to boost their profile.
IA represents a vast repository of digital information, which is a valuable, and free, knowledge resource. Hackers could be motivated to cut access to that knowledge or even alter it.
“The reason that an attacker would carry something like this out is misinformation, general disruption, and chaos but also to potentially change or alter history,” says Radolec.
The IA blog points out that several other knowledge institutions, including the British Library, Calgary Public Library, Seattle Public Library, and Toronto Public Library, have also been hit with cyberattacks.
Radolec points out that any nonprofit that houses knowledge could be a susceptible target. “Being a soft target and being a trusted source for knowledge is probably not a good combination in 2024,” he says.
The Way Back for the Internet Archive
Nonprofits like IA face the same cybersecurity challenges as larger entities with more funding. While there is never a good time to be hit with a cyberattack, or in this case several, IA just lost a significant legal battle over copyright infringement, complicating its future.
How could IA, facing legal battles and working with the resources of a nonprofit, shore up its security posture to reduce the risk of future cyberattacks?
“I think Internet Archive probably has to think more creatively about either rebuilding and potentially trying to take a shot at using the funds that they have to rebuild or raising money in such a way that they can have more robust security,” says Radolec.
IA’s home page currently has a link to PayPal for users to lend support. Given the value of IA’s digital preservation efforts, people in the security community may also be a potential resource. “This may come down to people volunteering to come in and help with their security expertise,” says Winterfeld.
A Cautionary Tale
IA is in an unenviable position, but it is one that many organizations could find themselves experiencing. Any breach is a reminder for security leaders to take stock of their organizations’ vulnerabilities and cybersecurity strategies.
“Dust off your policies, procedures and make sure, first of all, they’re current for your organization, and then secondly, test them,” says Hickman.
Enterprise and nonprofit leaders can also consider how they would respond to this type of situation. “How do we communicate if they [attackers] compromise our communications?” Winterfeld asks.
Hackers are likely to continue targeting organizations like IA for various reasons. Radolec anticipates that the generative AI boom could be one of the driving factors.
“I would predict there's going to be more attacks on libraries and knowledge institutions,” he says. “Whether they allow the AI [systems] to crawl them or not, getting an export of all that data to sell to an AI company could be a very profitable thing for a cybercriminal that lacks ethics.”