Updates from @brewsterkahle about the DDOS attacks on Internet Archive:
@internetarchive @brewsterkahle This is why we can’t have nice things.
@internetarchive @brewsterkahle this is vile, can't believe people would do something like this

@internetarchive @brewsterkahle

The big question to me: Was the initial vector due to credential reuse that crossed from other websites that had already been hacked?

cc: @haveibeenpwned

@internetarchive @brewsterkahle Thanks for maintaining such an important project from those that just cause trouble.
@internetarchive @brewsterkahle So sorry you all are living through this. Thank you all for what you do.
@internetarchive
#haveibeenpwned reported that my archive.org personal email and password are released. I can see a welcome email 2 years ago but no password is mentioned so I don't even know if I had one.

@internetarchive @brewsterkahle

Is there any possibility of hope that a result of this is a more usable archive.org with less reliance on js?
(Not that the solution ought to be "ditch js framework", really just commenting on how the current js use harms usability and compatibility (especially when less common js features are in use).)

#OpenWeb

@internetarchive @brewsterkahle I use archive.org myself for video posts, fortunately they also go to my mastodon directly. Thus to kill access to my videos requires taking down two unrelated sites at once.

Archive is smart to protect their data given the treasure trove they have.

Wonder if book publisher Hachette or some movie or music copythug has something to do with this?

@internetarchive @brewsterkahle
Thank you for all of your work! ✊
@internetarchive @brewsterkahle This is our archive and I take attacks personally. I am so grateful for our archivists going to battle.
My favorite IA memory- when life was throwing too much crap at me, I found Nancy Drew books here. I loved them as a child, and it was so comforting.
Any stories not quite so frivolous?

@internetarchive @brewsterkahle

Well they're being significantly more responsible about it than most anywhere else that gets hacked, I'll give them that...

@internetarchive @brewsterkahle So. How hard is it gonna be to find this guy?
@RustyRing
It’s in #Cloudflare’s interest for archive.org to go down. It would force Cloudflare-oppressed people to surrender to Cloudflare’s bullying. So I’d say CF should be a top suspect. But CF has many booters working (likely indirectly) for Cloudflare, so it would be hard to definitively pin it down to CF.
@internetarchive @brewsterkahle
@RustyRing @internetarchive @brewsterkahle bot networks are usually hired, so there's no trace of the attacker
@mitsunee @internetarchive @brewsterkahle I get what you're saying, but hiring means money paid to the human who owns the bot, and that person can in theory be identified and subpoenaed. Yeah, it's probably a needle in a haystack, but Authority has accomplished similar tasks when motivated. Seems like this kind of nonsense should become more difficult to pull off.
@RustyRing @internetarchive @brewsterkahle you'd think the guys who have been continuously doing this to Riot Games and the T1 esports org would've been found by now if it was that easy, but we're months into that story with no news despite Tencent (who own Riot) coming from the same country as the attached

@mitsunee @internetarchive @brewsterkahle Granted, but my point was never that it's easy, just that it's possible where the political capital exists.

Authority has accomplished enforcement when it has wanted to. Since it only cares about this type of crime when it's directly targeted by it, we're left with an Internet culture of bullying and vandalism -- one that promotes a high degree of expertise in this kind of terrorism.

But that's not going to challenge Authority down the line or anything.

@internetarchive @brewsterkahle What about the onion site? Archive.org used to have an onion site (archivecrfip2lpi.onion). What happened to that? In principle, there should be an onion v3 host serving as a backup site.
@internetarchive @brewsterkahle
Another update (screenshotted from the site formerly known as Twitter)
@internetarchive @brewsterkahle What absolute shitheads who did this. Will donate after the ordeal.
Thank you Internet Archive!
@internetarchive @brewsterkahle Are there any mirrors of this site elsewhere?
@internetarchive @brewsterkahle
Sorry for asking in such a situation, but is this problem of "uploader email leakage in item metadata" going to be fixed anytime soon?

https://theintercept.com/2024/10/10/internet-archive-hack-breach-email-addresses/
Internet Archive Was Exposing User Email Addresses for Years Before Recent Breach

A recent data breach is not the only way that Internet Archive users have been left vulnerable online.

@internetarchive @brewsterkahle hashing passwords is not encryption, by the way.

@internetarchive @brewsterkahle This sucks honestly. I use the IA often and honestly I'm disappointed in those who took it down and uploaded 31 million user records.

In the meantime, I've made an app that pings the Archive subdomains every 30 minutes for their page status so I'll know when it's back online.

I hope it's okay with the IA team. It's on my GitHub, and if it's causing trouble with the recovery, just let me know, and I'll gladly take it down. :D

@internetarchive @brewsterkahle Well this is annoying! Hopefully, the archive's data is intact but the data breach on top of the DDOS and the defacement is bad news. While it could be just jerks having 'fun' it's more likely that a government (e.g. that of Russia or Israel) has attacked the site to remove public access to troubling videos and photos of war crimes.
@internetarchive @brewsterkahle For context, Richard Sanders, director of a new documentary, Investigating War Crimes in Gaza, said on Democracy Now! (9 October 2024) that 'what we hope very much is that [Israeli soldiers' videos of war crimes posted on social media] will be of use, um, to the ICC. And ... if you follow Hebrew language social media, there's been a panicky, um, deleting on social media accounts over the last few days. ... We've got it all saved.' https://www.youtube.com/watch?v=ucfxj-faTWI (11:54+)
“The First Live-Streamed Genocide”: Al Jazeera Exposes War Crimes Israeli Troops Filmed Themselves

@internetarchive @brewsterkahle
Where to volunteer when the site is down tho?
@internetarchive @brewsterkahle seriously this sucks. What kind of person DDoSes the Internet Archive :(
Pro-Palestinian group claims responsibility for Internet archive hack

Claims that the archive belongs to the US

A Pro-Palestinian hacktivist group has claimed responsibility for downing the Internet Archive and Wayback Machine and compromising user data. The group called SN_BLACKMETA has taken responsibility for the hack on X and Telegram. "They are under at...

@in8sworld @nicdex ...I can't tell if these people are misguided (the Internet Archive isn't a function of the US government), or a false flag operation trying to smear the anti-genocide movement.
@pteryx @nicdex
No idea. Although it doesn't say so in the article I linked, I saw elsewhere that some believed the group to be based in Russia, which is aligned with Palestine, if only because a prolonged war in the Middle East serves its aims.
Of all things to hack, why a website that preserves the past?
@internetarchive @brewsterkahle Thank you for your work, guys. Internet wouldn’t be possible without people like you. Keep it up. We will keep on donating 💖 📚

@internetarchive @brewsterkahle The archive.org page links to twitter, but you can't really see what's going on without an account. All tweets are out of order.

Good luck with the updates!

Internet Archive

A Mastodon Server for Internet Archive employees and Role Accounts (Announcements)

Mastodon hosted on mastodon.archive.org

@brewsterkahle
> defacement of our website via JS library

I sympathise with the good folks at archive.org, who do a fantastic and underappreciated job, and I don't mean to kick them while they're down.

But...

Using scripts in your website that your web team haven't audited, either directly or as part of a rabbithole of JS dependencies, opens you up to exactly this kind of shitfuckery.

Yet another good reason to #MakeJavaScriptOptional!

@internetarchive

@internetarchive @brewsterkahle

I hope the cybercriminals responsible for this face accountability by the justice system.

@internetarchive @brewsterkahle if you're encrypting passwords instead of hashing them, then you're doing it seriously wrong