TechTarget and Informa Tech’s Digital Business Combine.TechTarget and Informa
Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.
The nonprofit suffered a series of successive cyberattacks, and it has yet to fully recover.
October 24, 2024
The Internet Archive (IA) is under siege. Over the course of October, the nonprofit digital library was hit with a series of cyberattacks. Its services, including the Wayback Machine digital archive, have been intermittently unavailable as the nonprofit wades through the wave of attacks and its response.
How were these attacks executed, and what do they mean for the future of the Internet Archive?
Hackers launched a series of different cyberattacks at the Internet Archive that started at the beginning of October, Mashable reports. The attacks appear to be perpetrated by more than one group.
“Experiencing one breach and having [that] get widely publicized means that every attacker group under the sun is going to try to take advantage of that,” Matt Radolec, vice president, incident response and cloud operations at data security company Varonis, tells InformationWeek.
IA was hit with data breach, executed by a threat actor that took advantage of an exposed GitLab configuration file, Bleeping Computer reports. That breach impacted more than 30 million IA users, with email addresses and encrypted passwords stolen. If that weren’t a big enough blow, the nonprofit was then hit with a distributed denial-of-service (DDoS) attack.
Facing the Specter of Cyber Threats During the Holidays
InformationWeek reached out to IA for an update on the attacks and recovery. The response sent to the inquiry, as well as many others, did not come from the nonprofit. IA’s Zendesk support system fell prey to hackers, and they used that system access to send a message:
“It's dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.
As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to [email protected] since 2018.
Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine — your data is now in the hands of some random guy. If not me, it'd be someone else.
Here's hoping that they'll get their shit together now.”
On. Oct. 22, several IA services went offline again. As of Oct. 23, the Wayback Machine, IA blog, and Archive-It were available, but some IA services remained offline, according to the nonprofit’s homepage.
The IA team has been working to resolve the nonprofit’s security woes. “As the security incident is analyzed and contained by our team, we are relaunching services as defenses are strengthened. These efforts are focused on reinforcing firewall systems and further protecting the data stores,” according to a blog posted on Oct. 21.
Forrester Panel: Government Cybersecurity Leaders Discuss Next Steps for Zero Trust
IA is a nonprofit with a limited budget. What could hackers gain from attacking it?
A lack of resources can make nonprofits vulnerable to opportunistic threat actors. While IA may not have the means to pay a hefty ransom demand, there is still a potential for profit when data is stolen. “Any information that's stolen can have some value. You see a number of accounts were stolen, and all those can be [sold] potentially,” says Steve Winterfeld, advisory CISO at Akamai Technologies, a cloud computing, security, and content delivery company.
Political motives are also possibility. SN_BlackMeta, a group allegedly linked with pro-Palestine aims, claimed responsibility for the DDoS attack, according to BleepingComputer.
IA’s ongoing battle on multiple fronts has drawn a lot of attention, which could be the ultimate goal for a hacker. “I do think in this case this is a hack more for street cred,” says Chris Hickman, CSO of Keyfactor, an identity-first security company. Hackers could leverage the notoriety from a successful attack to boost their profile.
Ransomware Attack on Rhode Island Highlights Risk to Government
IA represents a vast repository of digital information, which is a valuable, and free, knowledge resource. Hackers could be motivated to cut access to that knowledge or even alter it.
“The reason that an attacker would carry something like this out is misinformation, general disruption, and chaos but also to potentially change or alter history,” says Radolec.
The IA blog points out that several other knowledge institutions, including the British Library, Calgary Public Library, Seattle Public Library, and Toronto Public Library, have also been hit with cyberattacks.
Radolec points out that any nonprofit that houses knowledge could be a susceptible target. “Being a soft target and being a trusted source for knowledge is probably not a good combination in 2024,” he says.
Nonprofits like IA face the same cybersecurity challenges as larger entities with more funding. While there is never a good time to be hit with a cyberattack, or in this case several, IA just lost a significant legal battle over copyright infringement, complicating its future.
How could IA, facing legal battles and working with the resources of a nonprofit, shore up its security posture to reduce the risk of future cyberattacks?
“I think Internet Archive probably has to think more creatively about either rebuilding and potentially trying to take a shot at using the funds that they have to rebuild or raising money in such a way that they can get have more robust security,” says Radolec.
IA’s home page currently has a link to PayPal for users to lend support. Given the value of IA’s digital preservation efforts, people in the security community may also be a potential resource. “This may come down to people volunteering to come in and help with their security expertise,” says Winterfeld.
IA is in an unenviable position, but it is one that many organizations could find themselves experiencing. Any breach is a reminder for security leaders to take stock of their organizations’ vulnerabilities and cybersecurity strategies.
“Dust off your policies, procedures and make sure, first of all, they’re current for your organization, and then secondly, test them,” says Hickman.
Enterprise and nonprofit leaders can also consider how they would respond to this type of situation. “How do we communicate if they [attackers] compromise our communications?” Winterfeld asks.
Hackers are likely to continue targeting organizations like IA for various reasons. Radolec anticipates that the generative AI boom could be one of the driving factors.
“I would predict there's going to be more attacks on libraries and knowledge institutions,” he says. “Whether they allow the AI [systems] to crawl them or not, getting an export of all that data to sell to an AI company could be a very profitable thing for a cybercriminal that lacks ethics.”
Carrie Pallardy
Contributing Reporter
Carrie Pallardy is a freelance writer and editor living in Chicago. She writes and edits in a variety of industries including cybersecurity, healthcare, and personal finance.
You May Also Like
The CIO’s Guide to IT Automation in 2025: Enabling Innovation & Efficiency
2024 The State of Data Management, Privacy, and Governance
2024 InformationWeek US IT Salary Report
2022 State of ITOps and SecOps
Nov 26, 2024
Nov 21, 2024
Nov 18, 2024
Nov 20, 2024
Jun 4, 2024
The CIO’s Guide to IT Automation in 2025: Enabling Innovation & Efficiency
Unlocking Generative AI’s Potential: A Fast Track to Trusted Solutions
Beyond the GenAI Gype: Real World Investments, Use Cases, and Concerns
The Defender’s Advantage: Using Artificial Intelligence in Cyber Defense
The Defender’s Advantage | A guide to activating cyber defense
IDC MarketScape: Worldwide SIEM for Enterprise 2024 Vendor Assessment
2024 The State of Data Management, Privacy, and Governance
2024 InformationWeek US IT Salary Report
2022 State of ITOps and SecOps
Copyright © 2024. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.