Internet Archive Suffers Major Cybersecurity Incident
The Internet Archive, the nonprofit entity renowned for its role in preserving a vast array of digital knowledge, has been struck by a significant cyberattack that has taken both its Archive.org and OpenLibrary.org services offline. This breach not only threatens the integrity of one of the largest digital libraries globally but also raises urgent concerns over user data security and organizational resilience to cyber threats.
The recent cyberattack involved a substantial data breach affecting approximately 31 million users, resulting in the exposure of sensitive information, including email addresses and salted-encrypted passwords. Following the breach, the organization has experienced a series of distributed denial-of-service (DDoS) attacks, alongside defacement actions on its website. The incidents elicited alarm among cybersecurity experts and users alike, prompting scrutiny of the safety protocols employed by the Internet Archive.
Brewster Kahle, the founder of the Internet Archive, publicly confirmed the double-pronged nature of the assault via a post on X (formerly Twitter) on October 9. He characterized the events as a DDoS attack and a website defacement via a JavaScript library, along with the data breach that compromised user credentials. In response, the organization has disabled the vulnerable JavaScript library and is undertaking extensive measures to enhance its security infrastructure.
The nature of the cyberattack is multifaceted. Cybersecurity specialists have identified two distinct incidents: a data breach and subsequent DDoS attacks. Notably, cybersecurity firm Cyble reported that the DDoS attacks commenced shortly after the breach’s disclosure, allegedly initiated by a group known as SN_BLACKMETA. This group has articulated its motivations for targeting the Internet Archive, claiming the archive should belong to the U.S. and voicing disapproval of the organization’s alleged political affiliations.
The attacks against the Internet Archive have raised critical questions about the adequacy of security measures in place for an institution tasked with safeguarding vast amounts of information. Observers have expressed concern that better protective mechanisms should have been implemented to prevent such extensive breaches, particularly highlighting that hashed passwords ought to have been isolated from public JavaScript access—a standard practice for major online platforms like Wikipedia.
Moreover, the fallout from this incident has led to disruptions in services and has compelled the Internet Archive to reevaluate its existing security framework. Kahle emphasized that the organization is prioritizing user data safety over the rapid restoration of services, assuring users that their data remains secure while ongoing investigations and security enhancements take place.
As the Internet Archive navigates this crisis, it is starkly evident that this incident mirrors a growing trend of cyberattacks targeting libraries and information institutions worldwide. Other notable examples include recent attacks on prominent libraries like the British Library and the Seattle Public Library. These events underscore a pressing need for enhancements in cybersecurity strategies within institutions dedicated to public access to knowledge.
In the context of the MITRE ATT&CK framework, various adversary tactics and techniques may have been employed during this incident. Initial access could have been gained through social engineering or by exploiting vulnerabilities in software. Persistence techniques might have been used to maintain access, and privilege escalation techniques to gain higher privileges within the compromised systems, ultimately leading to the data breach and associated disruptions.
The Internet Archive’s experience serves as a cautionary tale for other organizations managing large troves of digital information, highlighting the critical importance of robust cybersecurity measures to safeguard against the evolving landscape of cyber threats.