Continued Cyberattacks on Internet Archive

In a follow-up to the recent cyberattacks on Internet Archive, the organization has been attacked again during their recovery process – complicating an already difficult process.

The Internet Archive was originally attacked several weeks ago, in a complex series that included a distributed denial of service (DDoS) attack that took down their main sites as well as data breaches and leaks – some severe enough the attackers were able to put up a message on their main webpage.

According to Troy Hunt, the administrator of the popular data breach notification service Have I Been Pwned (HIBP), data taken from the Internet Archive started circulating at some point before September 30.

Now, a follow-up attack has brought the organization back down just as it was nearing recovery. Many of the popular features, including the well-known and widely used Wayback Machine, continue to be unavailable as further attacks impact the Internet Archive’s ability to recover.

Troubles continue

Over the weekend, many users who in the past contacted Internet Archive support received an email informing them about another security incident, one related to the Internet Archive’s Zendesk.

The email, apparently sent by someone who abused a compromised Zendesk token, read, “It’s dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets. As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to info@archive.org since 2018.”

The email serves as an indicator of how data breaches and cybersecurity failures can continue to escalate and build on one another, revealing new vulnerabilities and methods of attack. It also stands as still more evidence of why having a known recovery procedure in place in the case of an incident is key – giving your organization known steps to execute on instead of improvising through a crisis.

 

Your Data In Your Hands – With TECH-ARROW

by Matúš Koronthály