The Internet Archive Under Siege: A DDoS Attack, Data Breach, and the Fight for Digital Preservation
The Internet Archive (IA), a non-profit digital library celebrated for its Wayback Machine and vast collection of online materials, faced a significant challenge in October 2024. A sustained Distributed Denial-of-Service (DDoS) attack, coupled with a serious data breach, exposed the vulnerabilities of even the most celebrated digital archives and highlighted the precarious balance between open access and online security. This incident serves as a stark reminder of the critical need for robust security infrastructure and the ongoing battle to preserve digital culture in the face of malicious actors and legal challenges.
A Multi-pronged Attack:
The attack unfolded on October 8th, 2024, beginning subtly with what founder Brewster Kahle initially described as an unusual DDoS attack timing, quipping on X (formerly Twitter), “DDOS on a Tuesday? Last time it was a Monday.” However, the situation escalated rapidly. The IA website went down, suffering a defacement through a compromised JavaScript library. This defacement included a JavaScript alert brazenly boasting about the breach: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”
This pointed to Have I Been Pwned (HIBP), a website that allows users to check if their email addresses have been compromised in data breaches. HIBP founder Troy Hunt confirmed the leak, revealing that the attackers had shared the IA’s authentication database with him. This database comprised 31 million records – including email addresses, usernames, password change timestamps, and Bcrypt-hashed passwords. Crucially, Hunt noted that 54% of the leaked emails were already present in the HIBP database prior to this incident, suggesting a potential prior compromise or data aggregation from other sources.
Hunt’s timeline on X provided further context: The breach data was initially sent to him on September 30th, but due to travel, he didn’t assess it until October 5th. He contacted the IA on October 6th, highlighting the significance of the breach. This delay, while understandable, underscores the challenges of responding quickly and effectively to data breaches, particularly with limited resources.
The Response and the Perpetrators:
The IA responded by disabling the compromised JavaScript library, initiating system scrubbing, and upgrading security measures. However, the DDoS attacks persisted, forcing the Archive offline intermittently. Kahle’s subsequent posts on X emphasized the ongoing struggles, acknowledging both the DDoS mitigation efforts and data safeguarding as priorities, even at the cost of service availability.
Responsibility for the attack was claimed by SN_BLACKMETA, a pro-Palestinian hacktivist group, through posts on X and Telegram. Their motivations, as expressed in a now-deleted X post (preserved via screenshot by Internet Archive archivist Jason Scott), were explicitly political. They argued that the IA, being a US-based organization, implicitly supported Israeli policies, framing their actions as a form of protest against what they termed the "genocide" perpetrated by Israel. They stated, “Everyone calls this organization ‘non-profit’, but if its roots are truly in the United States, as we believe, then every ‘free’ service they offer bleeds millions of lives. Foreign nations are not carrying their values beyond their borders.”
This statement reveals a complex interplay of ideology, political activism, and technological capabilities. The group also claimed responsibility for a previous six-day DDoS attack on the IA in May 2024, demonstrating a pattern of targeted attacks against this particular institution. The group’s online presence, established in November 2023 and including attacks on Arab financial institutions and Israeli tech companies, suggests a broader campaign of digital activism against perceived geopolitical adversaries.
A Year of Challenges for the Internet Archive:
The October 2024 attack was not an isolated incident. The IA has faced a number of significant challenges throughout the year, highlighting the inherent vulnerabilities of large-scale digital archiving efforts. In July 2024, a major heatwave caused an outage due to "environmental factors", underscoring the physical infrastructure limitations of maintaining such a resource. Furthermore, the IA continues to grapple with legal battles, notably losing an appeal in a lawsuit filed by Hachette and other major publishers concerning its online lending library.
Brewster Kahle’s comments linking these attacks to the ongoing litigation against the archive are telling. In May’s post regarding the DDoS attack, he stated, “If our patrons around the globe think this latest situation is upsetting, then they should be very worried about what the publishing and recording industries have in mind. I think they are trying to destroy this library entirely and hobble all libraries everywhere.” This suggests the possibility of a coordinated effort to undermine the IA, combining legal pressure with cyberattacks.
The Broader Implications:
The attack on the Internet Archive is more than just a single event; it’s a potent symbol of the challenges facing digital preservation in the 21st century. It exposes vulnerabilities not only in the security practices of even established institutions but also the increasing use of cyberattacks for political and ideological purposes. The incident underscores the urgent need to:
- Improve cybersecurity practices: The severity of the breach necessitates a comprehensive review of security protocols, focusing on preventing future attacks and strengthening data protection measures.
- Enhance resilience against DDoS attacks: Mitigation strategies need constant refinement and improvement to counter the escalating sophistication of DDoS attacks.
- Foster international collaboration on cybersecurity: Addressing such attacks often requires international cooperation to track down perpetrators and prevent future attacks.
- Promote open dialogue about the ethical dimensions of digital activism: The motivations behind SN_BLACKMETA’s actions underscore the complex ethical questions surrounding targeted attacks, especially when motivated by political ideology.
The Internet Archive’s continued existence is crucial for preserving our digital heritage. The fight to protect this valuable resource from both cyberattacks and legal challenges is far from over. The October 2024 incident serves as a wake-up call, pushing the conversation beyond technical solutions and raising critical questions about the future of digital preservation and the delicate balance between free access and security in the digital age.
