The Internet Archive breach continues
Cybersecurity troubles are not over for the Internet Archive (IA), the nonprofit organization behind the popular digital library site: after the recent DDoS attacks, defacement and data breach, an email sent via its Zendesk customer service platform has shown that some of its IT assets remain compromised.
The initial attacks
Two weeks ago, the Internet Archive was made inaccessible by several DDoS attacks claimed by pro-Palestinian hacktivists.
In the days before the first one, a separate threat actor managed to compromise and exfiltrate the organization’s user database, which they shared with Troy Hunt of the Have I Been Pwned? service. Some hours before the attack, they added a JavaScript pop-up to the site to spread the news of their actions.
The attacks forced the nonprofit to take stock of their security practices and to concentrate on getting their sites and services back online.
The Wayback Machine – a huge “library” of archived copies of web pages that’s run by the Internet Archive – was made accessible again last week.
A new development
On Friday, October 18, IA’s founder Brewster Kahle said that the stored data of the Internet Archive is safe, and that “the Wayback Machine, Archive-It, scanning, and national library crawls have resumed, as well as email, blog, helpdesk, and social media communications.”
“We’re taking a cautious, deliberate approach to rebuild and strengthen our defenses. Our priority is ensuring the Internet Archive comes online stronger and more secure,” he added.
A new blow fell on Sunday, though, when users who previously contacted the IA with requests received an unprompted canned response:
The email sent by the threat actor (Source: Reddit)
The threat actor told Bleeping Computer that they breached IA after finding an exposed GitLab configuration file on one of IA’s development servers.
That file provided them with an authentication token that they leveraged to gain access to IA’s source code, which contained more credentials and authentication tokens that allowed them further access: to IA’s user database, its Zendesk customer support system, and who knows what else.
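A pre-deployment check for the kind of exposure described above, added here as an example and not taken from the Internet Archive or from the article's sources: it walks a directory tree, hidden directories included, and flags credentials embedded in URLs and GitLab-style tokens. The token shapes, the `.git/config` layout and the host `gitlab.example.org` are assumptions, since the article does not describe the contents of the leaked file.

```python
import os
import re
import tempfile

# Assumed credential shapes (the article does not say what the leaked token looked like):
#  - userinfo embedded in a URL, e.g. a git remote "https://user:secret@host/..."
#  - GitLab personal access tokens, which carry the "glpat-" prefix
PATTERNS = {
    "url-embedded-credential": re.compile(r"https?://[^\s/:@]+:([^\s/@]+)@[^\s/]+"),
    "gitlab-pat": re.compile(r"\b(glpat-[0-9A-Za-z_\-]{20,})"),
}

def scan_text(text):
    """Return (line_no, rule, redacted_secret) findings for one file's text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, rx in PATTERNS.items():
            for m in rx.finditer(line):
                # Keep only a short prefix so the report itself never leaks the secret.
                findings.append((line_no, rule, m.group(1)[:6] + "..."))
    return findings

def scan_tree(root):
    """Walk root, including hidden directories such as .git, and scan each readable file."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue
            if hits:
                results[os.path.relpath(path, root)] = hits
    return results

def demo():
    """Scan a constructed web root holding a stray .git/config and a clean source file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, ".git"))
        with open(os.path.join(root, ".git", "config"), "w") as fh:
            fh.write('[remote "origin"]\n'  # constructed sample, fake token
                     "\turl = https://deploy:glpat-EXAMPLEEXAMPLEEXAMPLE0@gitlab.example.org/app.git\n")
        with open(os.path.join(root, "settings.py"), "w") as fh:
            fh.write("DEBUG = False\nAPI_URL = 'https://gitlab.example.org/api'\n")
        return scan_tree(root)

if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, hits)
```

Any finding in a tree that is about to be served or published means the token should be revoked and reissued, not just removed from the file.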
But, DDoS attacks aside, the current situation has several silver linings.
For one: As far as we know, the threat actor who breached IA didn’t damage the organization’s archives. Their actions seem to be concentrated on pushing IA to up their security game and be more reactive to security issues reported by security researchers and other well-intentioned individuals.
Secondly, this incident is likely to make the wider public realize just how vital the Internet Archive’s digitizing and preserving efforts are for us all and will (hopefully!) result in more donations and volunteers flocking to the organization.
The Internet Archive has yet to publicly comment on this new development.