Despite messages of the Internet Archive and Wayback Machine were fully up again after the DDoS in the last few days (usually starting at around 20:00 UTC, lasting for hours at a time, but today at 10:00 UTC), countermeasures of their password breach at the end of September and defacement yesterday, today they still had Wayback Machine archiving issues:
Wayback Machine cannot archive threadreaderapp: domain not found; for other web pages it often returns 404 page not found.
Wayback Machine cannot archive tweets: returning 404 page not found
Now they are completely down:
Wayback Machine page cannot load due to time-out.
Only 3 hours after this long [WaybackCrickets/WaybackSave/Archive] Thread by @troyhunt on Thread Reader App on Twitter [WaybackSave/Archive] start tweet, they came forward themselves that they were – in chronological order, unlike their tweet – breached, DDoS-ed and defaced:
[Wayback/Archive] Brewster Kahle on X: “What we know: DDOS attack–fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we’ve done: Disabled the JS library, scrubbing systems, upgrading security. Will share more as we know it.”
[WaybackSave/Archive] Thread by @brewster_kahle on Thread Reader App (single message)
(note the ThreadReaderApp threads because the Wayback Machine has been failing to display Tweets that have been archived since spring 2024)
Similarly, they have not responded to contact attempts from at least these tech outlets yet:
Troy posted his thread about one hour after this reply to Brewster Kahle: [WaybackSave/Archive] Tom Warren on X: “@brewster_kahle @internetarchive was it a little more than a DDoS?” (which attached the topmost picture in this blog post: thanks Tom!) and confirmation [WaybackSave/Archive] ave on X: “@tomwarren @brewster_kahle @internetarchive ah snap” (image on the right with HIBP email warning).
[WaybackSave/Archive] Tweet JSON [WaybackSave/Archive] Tweet image[WaybackSave/Archive] Tweet JSON [WaybackSave/Archive] Tweet imageOf course it was also on large community sites like:
I wasn’t aware of the last point. Can’t check either now: even the main archive.org site is currently unreachable.
Consequences?
Not sure if this was actually their first time getting breached, but it is the first time I remember since using them since the late 1990’s. It proves that no matter what web-sites one runs or uses, any of them can be breached: all the more reasons to use different passwords for each.
From the Internet Archive communication it is not yet clear of the hackers are really out (and cannot access changed passwords). Hopefully that information will be available soon, but it might mean you need to re-change your Internet Archive password again.
It means we have to do with the information at [WaybackSave/Archive] Internet Archive (@internetarchive) / X for now.
It also means that currently it is unclear if or how much the content of the Internet Archive has been poisoned by the adversaries.
Edit 20241011T0115: all Internet Archive data seems to be in tact as per tweet from Brewster Kahle
[WaybackSave/Archive] Brewster Kahle on X: “Update: @internetarchive’s data has not been corrupted. Services are currently stopped to upgrade internal systems. We are working to restore services as quickly and safely as possible. Sorry for this disruption.”
I think stopping the services to verify integrity is an extremely good step taken.
In the mean time, Archive Today is very very busy.
Are these the adversaries?
The self proclaimed adversaries seem to link anything USA/Europe/Israel as bad actors:
[Wayback/Archive] 𝐒𝐍_𝐁𝐋𝐀𝐂𝐊𝐌𝐄𝐓𝐀 on X: “The Internet archive has and is suffering from a devastating attack We have been launching several highly successful attacks for five long hours and, to this moment, all their systems are completely down. second round | New attack 09/10/2024 Duration 6 hours”
The Internet archive has and is suffering from a devastating attack We have been launching several highly successful attacks for five long hours and, to this moment, all their systems are completely down.
second round | New attack
09/10/2024 Duration 6 hours
https://check-host.net/check-report/1f23fe13k936
https://check-host.net/check-report/1f23fe13k936
https://check-host.net/check-report/1f240686k3ff
https://check-host.net/check-report/1f24216bkcd0
@internetarchive
: be honest :)
[WaybackSave/Archive] Tweet JSON
[WaybackSave/Archive] 𝐒𝐍_𝐁𝐋𝐀𝐂𝐊𝐌𝐄𝐓𝐀 on X: “Let’s be clear on a few points: Everyone calls this organization “non-profit”, but if its roots are truly in the United States, as we believe, then every “free” service they offer bleeds millions of lives. Foreign nations are not carrying their values beyond their borders.”
Let’s be clear on a few points:
Everyone calls this organization “non-profit”, but if its roots are truly in the United States, as we believe, then every “free” service they offer bleeds millions of lives. Foreign nations are not carrying their values beyond their borders.
Many petty children are crying in the comments and most of those comments are from a group of Zionist bots and fake accounts.
We are not interested in your dog barking behind a mobile screen.
If the Internet Archive was shut down for all countries and users, it’s only a taste to experience deprivation. You’re protesting and crying just because you can’t enjoy a free service. Imagine the people in Sudan and Gaza, millions are being subjected to genocide and you’re just a bunch of fools reading about these events. Innocent people don’t need documentation because the truth is already clear: America, Europe and Israel are the greatest cancers in this universe. How foolish you are to think that the files in the archive will be used in supreme courts. You are naive, the courts themselves are run by these very nations. It’s just a racist policy. We don’t need your love, your hatred or your approval. You’re just a group of people shouting big phrases and slogans but with tiny actions.
If you want to know who we are, just look us up and research our work. We are the spark of hope of the people fighting for their lives.
#Darkmeta
#Sn_darkmeta
#Sn_blackmeta
[WaybackSave/Archive] Tweet JSON
Luckily there are tweet contexts (pending) and replies debunking this.
Edit 20241010 16:00: DDoS again to Internet Archive and Wayback Machine; Open Library also affected
About half an hour after the Wayback Machine became unAs a reply to his previous Tweet, Brewster Kahle replied this:
[WaybackSave/Archive] Brewster Kahle on X: “Sorry, but DDOS folks are back and knocked knocked archive.org and openlibrary.org offline. @internetarchive is being cautious and prioritizing keeping data safe at the expense of service availability. Will share more as we know it.”
[WaybackSave/Archive]
I wasn’t aware that Open Library was an Internet Archive project, but in retrospect that’s of course obvious.
Edit 20241013: systems are slowly starting up; e-mail first
[WaybackSave/Archive] Brewster Kahle on X: “https://t.co/NHtWm9YO4C sub services coming back up when they can, safely. e.g. Email working. Now contract crawls for National Libraries (important to make keep collections whole) Thank you for the patience. More as it happens.”
[WaybackSave/Archive] Thread by @brewster_kahle on Thread Reader App –
sub services coming back up when they can, safely. e.g. Email working.
--jeroen
https://wiert.me/2024/10/10/thread-by-troyhunt-the-internet-archive-was-breached-ddosed-and-defaced-reset-your-passwords-its-the-same-account-as-for-their-wayback-machine/
#Darkmeta #SnBlackmeta #SnDarkmeta
Hackulaura Fang
The Wiert Corner - irregular stream of stuff