Internet Archive Suffers Cyberattacks, Hackers Send Emails - 1

Image from Drosen7900, by Fliickr

Internet Archive Suffers Cyberattacks, Hackers Send Emails

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

In a Rush? Here are the Quick Facts!

  • The Internet Archive faced multiple cyberattacks, causing significant service disruptions.
  • A breach on Zendesk exposed sensitive data from 33 million users.
  • Hackers retained access, sending emails posing as official support.

The Internet Archive, a well-known non-profit digital library and home to the Wayback Machine, has recently been the target of multiple cyberattacks, leading to significant service disruptions for users.

In a new development, the organization suffered a breach on its Zendesk email support platform. This breach occurred after repeated alerts regarding the theft of exposed GitLab authentication tokens by malicious actors, as reported by BleepingComputer (BC).

On Sunday morning, The Verge reported receiving an email from “The Internet Archive Team” in response to a query they sent on October 9.

However, it appears that this email was not sent by the official support team but was rather authored by the hackers who had previously compromised the site, suggesting that they still retain access to the organization’s systems.

Users on the Internet Archive subreddit have also reported receiving similar replies, adding to concerns about security.

BC also reported receiving numerous messages from users who were alerted about the breach through replies to their old removal requests. Many of these notifications warned that the Internet Archive had not effectively rotated the stolen authentication tokens.

One email from the hacker to BC expressed disappointment, stating, “It’s dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.”

Last week, hackers breached the Internet Archive, leaking sensitive information belonging to millions of users and defacing the site with a message mocking the organization for operating on a limited budget, noted The Washington Post .

To mitigate further leaks, the Internet Archive’s team decided to take down the site, including the widely used Wayback Machine, as noted by The Post.

Founder Brewster Kahle revealed that this was the first time in nearly 30 years that the site experienced an outage lasting more than a few hours, noted The Post.

BC claims that it had previously reported that the Internet Archive experienced simultaneous attacks the previous week: a data breach affecting the user data of 33 million accounts and a Distributed Denial of Service (DDoS) attack orchestrated by a group called SN_BlackMeta.

Although both incidents occurred during the same timeframe, they were executed by different threat actors. Many news outlets erroneously attributed the data breach to SN_BlackMeta, conflating the two attacks, noted BC.

This misrepresentation frustrated the actual perpetrator of the data breach, prompting them to reach out to BC. They claimed responsibility for the breach and provided details on how they infiltrated the Internet Archive.

According to the attackers, the breach originated from discovering an exposed GitLab configuration file on one of the organization’s development servers. BC confirmed that this token had been publicly available since at least December 2022, having been rotated multiple times since.

The hackers claimed that this GitLab configuration file contained an authentication token that enabled them to download the Internet Archive’s source code, which in turn included further credentials and authentication tokens, including those for the organization’s database management system.

This access allowed them to download the user database, additional source code, and even modify the site. They asserted that they stole 7TB of data from the Internet Archive but did not provide samples as proof,as reported by BC.

It has now been confirmed that the stolen data also included API access tokens for the Internet Archive’s Zendesk support system. BC said that attempted to contact the Internet Archive multiple times, most recently on Friday, to discuss the breach and its implications, but received no response.

According to The Verge, the Internet Archive team is working around the clock across time zones to restore services. In a blog post dated October 17, Kahle indicated that the site anticipates returning more services in the “coming days,” although initially in read-only mode as full restoration may take additional time.

The reasons behind the recent cyberattacks on the site remain unclear, says The Verge. Forbes suggests that the motivation behind these breaches seems to be reputational rather than financial.

The Post noted that the Internet Archive has faced legal challenges in the past, including lawsuits from book publishers and music labels over digitizing copyrighted material, which the organization maintains is permissible for non-commercial archival purposes.

The Post reports that Kahle warned that the potential penalties from these lawsuits, which could amount to hundreds of millions of dollars, pose a significant threat to the Internet Archive’s survival.

While these lawsuits are ongoing, the Internet Archive now faces the dual challenge of managing legal disputes and countering cyber threats.

The organization previously experienced a DDoS attack in May, leading to intermittent outages. Kahle mentioned to The Post that this was the first instance of the site being targeted in its history.

DJI Sues Pentagon Over Claims Of Chinese Military Ties - 2

Image by Peter Fazekas, from Pixels

DJI Sues Pentagon Over Claims Of Chinese Military Ties

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

In a Rush? Here are the Quick Facts!

  • DJI is suing the U.S. Defense Department to remove its “Chinese Military Company” label.
  • DJI claims no ties to the Chinese military and only sells consumer/commercial drones.
  • The lawsuit alleges DJI has lost contracts and been stigmatized as a security threat.

DJI, the world’s largest drone company, is suing the U.S. Department of Defense to remove its name from a list of “Chinese Military Companies.” The lawsuit , filed on Friday, claims that the designation is unfair, as DJI maintains it has no ties to the Chinese military and solely produces consumer and commercial drones.

DJI argues that the Department of Defense’s decision has caused significant damage to its business. The company states it has lost contracts, been labeled a national security threat, and been barred from working with various U.S. government agencies.

The lawsuit also highlights that several international customers have canceled contracts with DJI and are unwilling to enter into new agreements.

DJI, represented by the U.S. law firm Paul Weiss, claims that the Pentagon has refused to provide any justification for the designation or meet with company representatives, as noted by Politico .

The lawsuit follows the Pentagon’s 2022 decision to add DJI to the list of “Military Companies Operating in the United States,” as reported by Politico.

This move came after the Department of Defense declared DJI’s products a potential national security threat in 2021, which led to a ban on the use of DJI drones by U.S. government agencies, added Politico.

The Defense Department maintains this list as part of the National Defense Authorization Act, a legislative effort aimed at countering Beijing’s attempts to acquire advanced technologies through companies that appear to be civilian entities, noted Bloomberg .

The act requires the Defense Department to identify companies operating in the U.S. that are connected, directly or indirectly, to the Chinese military, said Bloomberg.

DJI was first added to this list in 2022 and remains on it as of the most recent update in January 2024. U.S. companies are prohibited from conducting business with Chinese firms on this list, noted Bloomberg.

U.S. lawmakers have raised concerns over the security risks associated with DJI drones, including potential data transmission and surveillance vulnerabilities, a charge DJI has denied, as noted by Reuters .

The Pentagon has yet to respond to the lawsuit, Politico reported.

The case underscores ongoing tensions as both nations navigate the intersection of trade and security.