Tech

Hackers taunt Internet Archive in new breach as it reels from DDoS attack, data leak

The problems continue for the Internet Archive.

Photo of Katherine Huggins

Katherine Huggins

Unidentified hacker taunts Internet Archive through customer support tickets

Reeling from a hack and breach earlier this month, the Internet Archive hit another bump days ago after an unidentified hacker taunted the non-profit through its customer support tickets.

Featured Video

Days ago, someone reached out to users who had opened customer support tickets since 2018.

According to screenshots shared online and a report by Mashable, where a reporter likewise received a response to a customer support ticket, the individual put the Internet Archive on blast for not securing its tokens in the wake of the major breach two weeks prior.

On Reddit, one user posted that they “used their support once to remove my personal info and have just gotten this email indicating that the breach reached the ZenDesk support system.”

Advertisement

The Reddit post attached an image of a response from “The Internet Archive Team” stating that “it’s dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.”

“As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to info@archive.org since 2018,” the message continued. “Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine—your data is now in the hands of some random guy.”

“If not me, it’d be someone else,” it concluded. “Here’s hoping that they’ll get their shit together now.”

A spokesperson for ZenDesk on Tuesday confirmed to The Record that the Internet Archive indeed hadn’t secured its authentication tokens, emphasizing that “there is no evidence this was a Zendesk issue and that Zendesk did not experience a compromise of its platform.”

Advertisement

ZenDesk added that it had worked with the archive to secure its account.

The ticket incident followed a hack from a group known as SN_Blackmeta, who took credit for a distributed denial-of-service (DDoS) attack on Oct. 9, adding that its motivation was “because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of ‘Israel.’”

A separate data breach—which SN_Blackmeta explicitly denied responsibility for—exposed the data of 31 million users.

The Internet Archive is not associated with the U.S. government and the hacking group’s rationale quickly came under fire online.

Advertisement

“What is blocking a free online library supposed to achieve? Why should I be impressed?” one person commented initially.

“Much material on Palestine, the Levant, and the wider global south can only be found on The Internet Archive as it gets scrubbed by Google Books who hold a monopoly over human knowledge,” criticized someone else. “Also, the wayback machine has been essential to uncover lies. This is CIA level activity”

In the wake of the backlash, the hacker group put out a series of posts that while the Internet Archive is indeed a non-profit, it’s “covertly linked to the U.S. Congress,” citing Internet Archive founder Brewster Kahle’s ties to the Library of Congress.

In response to the attacks, the Internet Archive temporarily shut down its services to “access and improve our security.”

Advertisement

Reddit theorists posited all sorts of ideas about the motivation for the attacks, ranging from Nintendo secretly aiming “to take Switch Emulators offline” to politicians “trying to cover up by deleting the internet history.”

“My theory is that it’s psychological warfare, in that it’s an attempt by bad actor to sow panic and division amongst the masses by destroying sources of information,” one redditor wrote on Tuesday.

“It’s very obvious this is done by corporations, specifically publishing houses,” theorized someone else, refering to a recent lawsuit the archive lost for hosting books.

Some have not accepted the idea that pro-Palestinian motivations spurred the DDoS attack, with one person commenting under the same post that “the ham handed attempt to false flag this as a Palestinian group causing the disruption has all the hallmarks of a certain Eastern European government who spends most of its time fucking with the west instead of trying to improve conditions for their citizens.”

Advertisement

“only the feds or the worst hackers imaginable would think, out of everything they could do, they should attack the Internet Archive on behalf of Palestinians,” someone else concurred on X. “yknow, the place that hosts a huge repository of Palestinian resources the israeli government doesn’t want you to access.”

The Reddit theories are unfounded, with SN_Blackmeta denying any ties to a government agency (and no reports of such either). No other group has publicly taken credit for any attack on the archive.

As of Thursday afternoon, the Internet Archive is online—though archivist Jason Scott noted Wednesday night, “some of the features are not up yet, but rest assured we’re working on it and our tired devs will prevail.”

“We have a lot of postmortem and a lot of work left to do, so please be patient as our beloved archive withstands a million people desperately reuniting with their library,” he added.

Advertisement

Internet culture is chaotic—but we’ll break it down for you in one daily email. Sign up for the Daily Dot’s web_crawlr newsletter here. You’ll get the best (and worst) of the internet straight into your inbox.

 
The Daily Dot