Hackers are gunning for the digital history of the internet after a targeted attack against the Internet Archive knocked out billions of archived webpages.
Non-profit digital archivist The Internet Archive is best known for running the Wayback Machine, a flagship library tool which provides users free access to archived versions of websites, many of which are otherwise no longer available online.
A pivotal platform for researchers, journalists, and anyone interested in the historical preservation of the world wide web, the Internet Archive confirmed it suffered a distributed denial-of-service (DDoS) attack on Wednesday.
Internet Archive founder Brewster Kahle initially dismissed the attack as a temporary issue but by Thursday the hackers struck again and effectively took the platform offline.
“Yesterday's DDoS attack on @internetarchive repeated today,” wrote Kahle.
“We are working to bring archive.org back online.”
Later that day, the website was rocked with yet another DDoS attack.
Notably, the hackers were able to leave a pop-up message on the website before it went offline – a feat which would typically indicate something more intrusive than a DDoS attack alone.
"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach?” read a JavaScript alert on the archive.org site.
“It just happened.”
Kahle later confirmed this website “defacement” was carried out via the site’s JavaScript library, before announcing user emails, usernames and encrypted passwords had been breached.
Hackers took the Internet Archive offline. Photo: Internet
31 million accounts breached
By Thursday, hacking group ‘SN_Blackmeta’ claimed responsibility for the outage on social media platform X and messaging app Telegram.
“We have been launching several highly successful attacks for five long hours and, to this moment, all their systems are completely down,” wrote SN_Blackmeta.
On Telegram, the group further alluded to having compromised the data of 31 million wayback machine user accounts – though it didn’t explicitly claim responsibility for anything other than the DDoS attacks.
Owner of breach notification service Have I Been Pwned, Troy Hunt, confirmed an anonymous party sent him a dataset of 31 million compromised users.
Hunt said he matched one of the encrypted passwords which appeared in the data breach with the password details of a consenting colleague, suggesting further legitimacy to the attack.
“You cannot make that stuff up,” said Hunt.
“At this point in time I knew this was going to be a major thing.”
Hackers claim geopolitical motivations
SN_Blackmeta explained it is widely driven by geopolitical motivations against Israel and the “global Zionist regime”, claiming it had carried out past disruptions against the likes of tech giant Microsoft, streaming platform Spotify, and homestay company Airbnb.
“Our record include [sic] major operations against more than seven Israeli banks and even affected vital services like the hospital where the Israeli prime minister underwent heart surgery,” SN_Blackmeta claimed.
“Additionally, we performed lethal attacks on Israeli energy, electricity and communication companies.”
The group said that after a “long pause on attacks” due to circumstances of war and the ban of its broadcast channel following the arrest of Telegram founder Pavel Durov, it “identified a list of targets” including the Internet Archive.
“In summary, our attack was merely a test of their security system,” said SN_Blackmeta.
“There was no intent to disrupt services for an extended period of time, as that would be a trivial waste of time for us.
“This attack was merely a part of testing the strength of our tools.”
What about the archive data?
On Saturday, Kahle said the Internet Archive’s data “is safe”.
Kahle noted the Internet Archive is “being cautious” and “prioritising keeping data safe at the expense of service availability”.
“Will share more as we know it,” said Kahle.
Professor of cyber security at The University of Queensland, Ryan Ko, told Information Age the Internet Archive is a valuable resource in academia.
“Digital archives are key to several studies and educators, and the unavailability of these platforms would affect several fields such as digital anthropology and history studies,” said Ko.
He added that the main risk of the attack is the “leakage of authentication information”.
“Such authentication information, if made public, could be used for future authentication attempts by criminals,” he said.
“We are talking about the potential for criminals to bypass authentication of accounts belonging to active contributors and stakeholders of the Internet – from the pioneers to the current era – if these accounts’ passwords have not been updated before, or if they do not have multi-factor authentication implemented.”
Hunt meanwhile emphasised the platform’s utility for security researchers, noting he uses the Wayback Machine “extensively” in the process of verifying data breaches, while droves of social media users and researchers have lamented the ongoing disruption to their work during the platform’s days-long outage.
The hack comes as the Internet Archive faces multiple legal battles with book publishers and music labels, which Wired reports could threaten its existence.