The Internet Archive is under attack, with a popup claiming a ‘catastrophic’ breach - A popup message claims the online archive has suffered “a catastrophic security breach,” as its operators say the site has been DDOS’d for days.

Article
Archive




When visiting The Internet Archive (www.archive.org) on Wednesday afternoon, The Verge was greeted by a pop-up claiming the site had been hacked. After closing the message, the site loaded normally, albeit slowly.

However, as of 5:30PM ET, the popup was gone, but so was the rest of the site, leaving only a placeholder message saying “Internet Archive services are temporarily offline” and directing visitors to the site’s account on X for updates.

Here’s what the popup said:

“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”

HIBP refers to Have I Been Pwned?, a website where people can look up whether or not their information has been published in data leaked from cyber attacks. It’s unclear what is happening with the site, but attacks on services like TweetDeck have exploited XSS or cross-site scripting vulnerabilities with similar effects.

Jason Scott, an archivist and software curator of The Internet Archive, said the site was experiencing a DDoS attack, posting on Mastodon that “According to their twitter, they’re doing it just to do it. Just because they can. No statement, no idea, no demands.”

An account on X called SN_Blackmeta said it was behind the attack and implied that another attack was planned for tomorrow. The account also posted about DDoSing the Archive in May, and Scott has previously posted about attacks seemingly aimed at disrupting the Internet Archive.

We’ve reached out to the organization to learn more information.

----

Link to discussion regarding the breach on Hacker News

 

[SpellforceFan]

Boy, I sure do love it when they attack helpful sites that do no harm but leave all the bad sites up. Fuck, I hope they nail this guy's balls to wall. Getting so tired of these hacks on well-meaning sites.

Helpful sites that do no harm are non-profits or similarly fund starved companies that have no way to retaliate. If you try this with a service that is actually malicious, you'll find yourself being marked as the enemy of the tribe of israel faster than you can say "mazel tov".

 

[N Space]

Just download whatever website you want to preserve using SingleFile.

 

[Avenue]

Targeting a virtual library in your cyber geopolitics masterplan REEKS of skiddy's first DDoS type shit.
Welp in the interest of fairness that first statement might have been a bit shortsighted, seems "darkmeta" is just some lone hacktivist running his booter for a couple months now.

would you look at that nice custom splash art, bet he has some really cool ascii art repositories saved in that "Awsome" bookmark folder of his.
May this retard (still) get mitigated into oblivion ...

Also, critique IA for inconsistent enforcement of their content deletion policies all you want but I have to give credit and respect for having such a comprehensive collection of website snapshots dating so far back into the lifespan of the mainstream web. That data is invaluable to me.

 

[RTX Mario]

A certain brony retweeted this back in May.

 

[Schpoots]

See you in a week when the hacker gets doxed and it turns out they're a retarded troon.

 

[HahaYes]

BleepingComputer Article | Archive

Hunt told BleepingComputer that the threat actor shared the Internet Archive's authentication database three days ago and it is a 6.4GB SQL file named "ia_users.sql." The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.

Hunt says there are 31 million unique email addresses in the database, with many subscribed to the HIBP data breach notification service. The data will soon be added to HIBP, allowing users to enter their email and confirm if their data was exposed in this breach.

The data was confirmed to be real after Hunt contacted users listed in the databases, including cybersecurity researcher Scott Helme, who permitted BleepingComputer to share his exposed record.
9887370, internetarchive@scotthelme.co.uk,$2a$10$Bho2e2ptPnFRJyJKIn5BiehIDiEwhjfMZFVRM9fRCarKXkemA3PxuScottHelme,2020-06-25,2020-06-25,internetarchive@scotthelme.co.uk,2020-06-25 13:22:52.7608520,\N0\N\N@scotthelme\N\N\N

Helme confirmed that the bcrypt-hashed password in the data record matched the brcrypt-hashed password stored in his password manager. He also confirmed that the timestamp in the database record matched the date when he last changed the password in his password manager.

Well well well

 

[Toji Suzuhara]

Targeting a virtual library in your cyber geopolitics masterplan REEKS of skiddy's first DDoS type shit.
May these retards get mitigated into oblivion

Don't you know, man? With IA down, the troons in the Chair Force won't be able to watch Serial Experiments Lain for free. The Great Satan has been left grounded

 

[HahaYes]

Blatant cross post from A&H:
BleepingComputer Article | Archive

Hunt told BleepingComputer that the threat actor shared the Internet Archive's authentication database three days ago and it is a 6.4GB SQL file named "ia_users.sql." The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.

Hunt says there are 31 million unique email addresses in the database, with many subscribed to the HIBP data breach notification service. The data will soon be added to HIBP, allowing users to enter their email and confirm if their data was exposed in this breach.

The data was confirmed to be real after Hunt contacted users listed in the databases, including cybersecurity researcher Scott Helme, who permitted BleepingComputer to share his exposed record.
9887370, internetarchive@scotthelme.co.uk,$2a$10$Bho2e2ptPnFRJyJKIn5BiehIDiEwhjfMZFVRM9fRCarKXkemA3PxuScottHelme,2020-06-25,2020-06-25,internetarchive@scotthelme.co.uk,2020-06-25 13:22:52.7608520,\N0\N\N@scotthelme\N\N\N

Helme confirmed that the bcrypt-hashed password in the data record matched the brcrypt-hashed password stored in his password manager. He also confirmed that the timestamp in the database record matched the date when he last changed the password in his password manager.

He's proven it as well:


So they've likely known the data was pinched at least 3 days ago and said shit all. Hell of a PR strategy huh

 

[Azdy]

Can't feel bad for them. They are hellbent on appeasing anyone who wants their dirty laundry gone from the internet by removing it from their archives. Oddly this never happens to Archive Today or Ghostarchive. Sucks to suck lmao

 

[Mark Goldbridge]

So many people depending on that shit to access old websites and laughing at the archivists that have physical copies of valuable old data. Get fucked retards!

https://webrecorder.net/

 

[Battlecruiser3000ad]

There needs to be a lolcow version of the Svalbard global seed bank.

The global sneed bank

 

[NoReturn]

Hacker News discusses:


The reddit thread mentioned: https://www.reddit.com/r/DataHoarder/comments/h02jl4/lets_say_you_wanted_to_back_up_the_internet/

https://news.ycombinator.com/item?id=41792500

 

[Happy Fish]

Guessing either some dweebies hired by the publishers that sued, a nation state, or someone who wants to get beat up in a back alley. Could be all three or some combination thereof.

 

[Fatpacks]

Oddly this never happens to Archive Today or Ghostarchive. Sucks to suck lmao

Every archive site will be completely gone in a few years so this doesn't mean much. All of TPTB's dirty laundry will be erased and lost to time. All of it.

 

[Candlelight Desolation]

On a long enough timeline, every site you use will have a breach like this eventually.

 

[Some Dumb Faggot]

Nigger had it coming.

 

[King George III]

I will not lose an ounce of worry over Taylor Lorenz's uncle getting his shit pushed in by skript kiddies.

 

[ditto]

Damn, where's wikileaks when you need them? Yeah, that's right, imprisioned and dissolved by the powers that be

Worse - shambling around like Winston at the end of 1984, married to a glowie handler that never lets him speak alone. A pathetic spectacle to serve as a warning for others.

 

[Toji Suzuhara]

Nigger had it coming.

Nigger had it coming! Forgot not to use the same password everywhere

 

[Gog & Magog]

Archive sites are way too dangerous and there’s only a few. They’re all going to be gone within five years.

All of them. Mark my words.

What are going to do then if all the other archive sites the Farms relies on go down?