The Internet Archive and its Wayback Machine are down once again following two DDoS attacks on consecutive days.
Last night (Wednesday 10), the Internet Archive revealed that it had been hit by a second DDoS following a previous attack on Tuesday.
On X, Brewster Kahle, a "digital librarian" for the Internet Archive, confirmed attackers had targeted the Javascript library and breached usernames, emails, and encrypted passwords. In response, the Javascript library has been disabled, systems are being scrubbed and security mechanisms will be upgraded.
Kahle said the DDOS attack has been "fended off for now", but neither site appears to be operational today.
Troy Hunt, the famous creator of @haveibeenpwned, reported that the site had also been defaced with a message that said: "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP [Have You Been Pwned]."
Hunt wrote: "Looks like someone compromised a polyfill JS file on a subdomain to inject the alert, but that doesn't explain the root site being down."
A group called Sn_darkmeta then took responsibility for the attack and issued the following statement to its 5,986 followers on X: "They are under attack because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of 'Israel'."
The Internet archive has and is suffering from a devastating attack We have been launching several highly successful attacks for five long hours and, to this moment, all their systems are completely down.
— 𝐒𝐍_𝐁𝐋𝐀𝐂𝐊𝐌𝐄𝐓𝐀 (@Sn_darkmeta) October 9, 2024
second round | New attack
09/10/2024 Duration 6 hours… pic.twitter.com/SL9lz4gSld
At the address archive.org, the Internet Archive offers free digitized copies of books, describing itself as a "nonprofit digital library website". It operates the Wayback Machine, which keeps a handy and sometimes highly embarrassing record of old websites for perpetuity.
Although copyright holders and people with dodgy pasts are not fans of the pioneering digital library, both the Internet Archive and the Wayback Machine are hugely popular internet icons. After news of the DDoS attack broke, many people offered their support.
As I said for over 3 decades and few cared to understand:
— Brian Roemmele (@BrianRoemmele) October 9, 2024
We are moving from the Information Age to the Amnesia Age.
The Internet Archive has been attacked and the aim is to delete it.
DO YOU HEAR ME NOW.
Any large ethical AI company that does not come to aid—is worthless. https://t.co/CrsL1zYNXF pic.twitter.com/ilzJPfKdMU
Good evening to everyone except the insignificant excrement who just hacked the @internetarchive. Thank you to @haveibeenpwned for the notification. pic.twitter.com/imo4X9QBw6
— Tarah M. Wheeler (@tarah) October 10, 2024
Daniel Cuthbert, co-chair of the UK Government's Cyber Security Advisory Board, wrote: "Just because you can, doesn't mean you should. Owning the @internetarchive is such a dick move, and I hope you end up with an eternal impossible-to-reach itch."
"Pwning a library is basically the antithesis of the hacker ethos," wrote Kurt Opsahl, Associate General Counsel for Cybersecurity and Civil Liberties Policy at the Filecoin Foundation.
The road has been somewhat rocky for the Internet Archive recently. Earlier this year, the Internet Archive suffered yet another DDoS attack, which led to an outage of all its services.
It is also fighting a legal case against four publishers. Last year, a New York court found the platform guilty of committing copyright infringement, ruling that it could not scan books and lend them out.
The Archive has now removed half a million books from its lending library following the lawsuit, which it is currently appealing. A judgement on the appeal is likely to be issued later this year.
