Lars Daniel is the Practice Leader of Digital Forensics at Envista Forensics and the founder of the DigitalEvidenceAcademy.com. He covers cybersecurity and electronic evidence, focusing on the intersection of technology in legal proceedings and our digital lives.
At the end of this article, you will find explanations of the key technical terms used, such as DDoS attacks, access tokens, and phishing to help clarify the details of the breaches.Despite previous warnings and multiple breaches earlier this month, the organization had not or were unable to secure the system adequately, leaving the tokens vulnerable to continued exploitation.
The attackers were still able to access and potentially download sensitive support data, including personal identification documents submitted by users., which archives websites and allows users to view them as they appeared in the past, making it a valuable resource for historians, researchers, and the general public. Beyond websites, the Archive hosts millions of digital items, including books, music, audio files, videos, and software. This vast collection preserves cultural and historical materials that might otherwise be lost. The organization operates primarily on donations and has played an essential role in maintaining digital history. ‘This Needs To Stop’—Tesla Billionaire Elon Musk Issues ‘Staggering’ Fed ‘Bankruptcy’ Warning After Sparking Bitcoin Price PanicThe first breach occurred on October 9, 2024, involving a dual attack—a data breach and a Distributed Denial of Service attack. Hackers took advantage of a previouslylaunched a DDoS attack that overwhelmed the Archive’s servers with traffic, temporarily taking the site offline. Although these attacks happened at the same time, the data breach and the DDoS attack were, this time gaining unauthorized access to the Internet Archive's Zendesk support platform. These tokens, which act as digital keys, were supposed to have been secured after earlier warnings but remained exposed. The attackers accessed thousands of support tickets dating back to 2018, which may have included personal identification documents. This breach exposed a critical flaw in the Archive’s security practices, particularly its failure to rotate API tokens regularly.This most recent breach occurred when hackers continued to exploit unrotated Zendesk API tokens. These tokens, essentially digital keys, had been exposed in previous attacks, but the Internet Archive failed to rotate or replace them. This allowed attackers to maintain access to the Archive’s Zendesk support platform, where sensitive user support tickets were stored. Some of these tickets contained personal identification documents submitted by users requesting the removal of content from the Archive’s services.The first major breach saw hackers taking advantage of a GitLab token that had been left exposed since late 2022. This token allowed the attackers to access the Archive’s source code and steal sensitive data, affecting 31 million users. Simultaneously, a DDoS attack by a separate group, SN_BlackMeta, disrupted the site. While this attack primarily targeted the Archive’s user data and source code, it highlighted significant weaknesses in the Archive’s security practices, including token management.In the second breach, hackers shifted their focus to the Internet Archive’s Zendesk support platform, where they exploited unrotated access tokens. These tokens, which should have been updated following the initial breach, granted unauthorized access to support tickets containing sensitive personal data from users.The third breach is a direct consequence of the same root problem that led to the first and second attacks: the failure to properly manage and rotate access tokens. This allowed the attackers to repeatedly exploit the same vulnerabilities and maintain access to sensitive areas of the Internet Archive’s systems. Each subsequent attack built upon the gaps left unresolved by the previous breach, compounding the damage.The Internet Archive, being a significant well-known repository of digital information, was a prime target for hackers looking to build their reputations. Although no ransom demands were made, the stolen data poses risks for phishing attempts and identity theft. At the time of publishing, I have been unable to contact the Internet Archive for comment, but the official X account posted the following on October 19: The phrase"I stand with @internetarchive" has been circulating on X as a show of support for the Internet Archive in light of its recent cyberattacks. By tweeting"I stand with @internetarchive," individuals are expressing solidarity with the Archive’s mission to provide free access to knowledge and preserve the digital record of the internet. The phrase has become a sort of rallying cry for users, researchers, and digital rights advocates who believe in the importance of the Archive's work for future generations., “The Internet Archive is a 501 non-profit that was founded to build an Internet library, with the purpose of offering permanent access for researchers, historians, and scholars to historical collections that exist in digital format. Founded in 1996, the Internet Archive has an historical web collection of over 150 billion web pages, about 240,000 movies, over 500,000 audio items , over 1,800,000 texts, 1600 education items, and over 30,000 software items. And we’re growing bigger every day!”: This type of attack overwhelms a website with excessive traffic from multiple sources, making it difficult or impossible for regular users to access the site. Imagine it as a traffic jam on the internet—too many cars clog the roads, preventing legitimate users from getting through.: Access tokens are digital keys that systems use to authenticate and securely communicate. These tokens grant authorized access to specific parts of a system. In the Internet Archive breach, hackers stole access tokens, allowing them to bypass security measures and gain entry into sensitive platforms, such as Zendesk. This allowed them to access user data, including support tickets without needing a password.: GitLab is a platform used by developers to manage and host code. During the first Internet Archive breach on October 9, 2024, one of the stolen tokens belonged to GitLab, giving hackers access to the Archive’s development systems. This access exposed not only user data but also the organization's source code, potentially compromising the entire infrastructure: Phishing is a common technique used by hackers after a data breach, where they send fake emails pretending to be a legitimate organization to trick individuals into revealing sensitive information, such as passwords. After the Internet Archive breaches, affected users are at an increased risk of being targeted by phishing attacks. Cybercriminals could leverage the stolen data to craft more convincing phishing emails.Our community is about connecting people through open and thoughtful conversations. We want our readers to share their views and exchange ideas and facts in a safe space.Insults, profanity, incoherent, obscene or inflammatory language or threats of any kindContinuous attempts to re-post comments that have been previously moderated/rejectedAttempts or tactics that put the site security at riskProtect your community.
Wayback Machine Gitlab Bleepingcomputer Ddos Zendesk API Tokens Digital Forensics Cyberattack Data Breach
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
The Internet Archive’s Fight to Save ItselfThe web’s collective memory is stored in the servers of the Internet Archive. Legal battles threaten to wipe it all away.
Read more »
The Internet Archive is under attack, with a breach revealing info for 31 million accountsThe Internet Archive has suffered a data breach affecting 31 million accounts and is now offline after its site was defaced and DDoS’d.
Read more »
Hackers Claim 'Catastrophic' Internet Archive AttackNonprofit behind the Wayback Machine has suffered a cyberattack by 'pro-Palestinian hacktivists' affecting 31 million users.
Read more »
Hacktivists Claim Responsibility for Taking Down the Internet ArchiveA pro-Palestinian group has compromised the login information for the world’s biggest digital archive and launched a sustained DDoS attack against the site.
Read more »
The Internet Archive has faced a barrage of cyberattacksKevin Collier is a reporter covering cybersecurity, privacy and technology policy for NBC News.
Read more »
The Internet Archive hackers still have access to its internal emailing toolsHackers who breached The Internet Archive replied overnight to people who have contacted the site in the past, using the Archive’s internal email tools.
Read more »