The Internet Archive (will be referred to as IA for the rest of this post) just cannot seem to catch a break. First they had to shut down their virtual library, and now they just got breached. This is one of the dumbest breaches yet, I felt physical pain reading everything.
Data Breach
IA has been suffering multiple data breaches recently, taking it offline. As of me writing this, the IA is still completely offline:
DDoS attacks happen all of the time to the IA, for some reason. However, I'm not at the DDoS part yet. The only reason I'm bringing it up is because during one of the attacks, users visiting the IA would see this message displayed in a Javascript pop-up:[1]
Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on [have i been pwned]!
According to the Twitter account of Have I Been Pwned, 31 million accounts were breached, 54% already in the database. This is all of the information that was taken in this breach:
- Usernames
- Emails
- Encrypted passwords
Brewster Kahle, the founder of the IA, responded on Twitter:
What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords.
— Brewster Kahle (@brewster_kahle) October 10, 2024
What we’ve done: Disabled the JS library, scrubbing systems, upgrading security.
Will share more as we know it.
I would like to mention that this breech is not in any way connected to the DDoS attacks, yet. Troy Hunt from Have I Been Pwned said he was sent the file on September 30. Now, let's talk about the actual DDoS attacks.
DDoS Attacks
This is where things start to get a little stupid. The DDoS attacks against the IA were sent by the BlackMeta hacktivist group.[2] Information about the attack was shared by the attackers on Twitter:
The Internet archive has and is suffering from a devastating attack We have been launching several highly successful attacks for five long hours and, to this moment, all their systems are completely down.
— 𝐒𝐍_𝐁𝐋𝐀𝐂𝐊𝐌𝐄𝐓𝐀 (@Sn_darkmeta) October 9, 2024
second round | New attack
09/10/2024 Duration 6 hours… pic.twitter.com/SL9lz4gSld
The reason why is incredibly stupid. If Twitter's Birdwatch note didn't spoil it for you, the attacker shared the motive in a follow up Tweet:
They are under attack because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of “Israel”.
— 𝐒𝐍_𝐁𝐋𝐀𝐂𝐊𝐌𝐄𝐓𝐀 (@Sn_darkmeta) October 9, 2024
The reason why is because the attacker thinks the U.S. government owns the Internet Archive (they don't), and they're doing this to protest against supporting the genocide of Palestine that Israel is carrying out, which the U.S. government supports. First off, fuck Israel. But at the same time, if you're going to send a message, make sure you're sending it to the right people. My theory is that this isn't the actual reason behind the attack, just an excuse. After all, taking down the IA can actually be used for pro-Palestine activities, as @lamborghinibank points out.
Don't worry, this get's dumber. When confronted about this, they completely dodged the question, and instead decided to address the blue check allegations:
Who said we paid whit our money for the bleu check :)
— 𝐒𝐍_𝐁𝐋𝐀𝐂𝐊𝐌𝐄𝐓𝐀 (@Sn_darkmeta) October 9, 2024
That's right, they find it completely acceptable to purchase a blue check because they aren't spending their own money. Always remember to brag about your crimes online, cool people will even show up to your door to congratulate you.
So, yeah Blackmeta, you're gay.