Internet Archive restores several services after website defacement, DDoS attack

The Internet Archive has restored many of its services more than a week after hackers targeted the popular platform with a distributed denial-of-service (DDoS) attack and defaced its website. 

In an update on Thursday evening, founder Brewster Kahle said that after the incidents last week, the nonprofit was forced to shut down the site in an effort to improve security. 

“The stored data of the Internet Archive is safe and we are working on resuming services safely. This new reality requires heightened attention to cyber security and we are responding. We apologize for the impact of these library services being unavailable,” Kahle said. 

“The Wayback Machine, Archive-It, scanning, and national library crawls have resumed, as well as email, blog, helpdesk, and social media communications. Our team is working around the clock across time zones to bring other services back online.” 

Kahle added that more services will resume in the coming days, with several in read-only mode because full restoration will take more time. The goal, according to Kahle, is to take a “cautious, deliberate approach to rebuild and strengthen” the site’s defenses. 

“Our priority is ensuring the Internet Archive comes online stronger and more secure,” he said. 

The attack emerged on October 10 when a hacker claimed they stole data on 31 million users of the platform that included usernames, emails and encrypted passwords. The Internet Archive disabled the source of the breach, scrubbed systems and upgraded security, according to Kahle.

Privacy expert Troy Hunt confirmed that the hackers did steal real information and added the leak to his HaveIBeenPwnd service, where people can see whether their login information for a service or website has been exposed.

The junk web traffic from DDoS attacks continued for several days and was  eventually claimed by a group of hackers going by the name SN_BLACKMETA. Researchers have noted that while most of its posts are written in Russian and the working hours align with Moscow time, the group has explicitly targeted institutions across the Middle East with powerful DDoS attacks.

The hackers claimed they targeted the Internet Archive “because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of ‘Israel.’”

This week, the Justice Department arrested two men who sold a tool that helped groups like SN_BLACKMETA launch DDoS attacks. 

Kahle compared the attack on Internet Archive to several other high-profile cyberattacks on libraries around the world, including ransomware attacks on the British Library, Toronto Public Library, Seattle Public Library and this week’s incident involving the Calgary Public Library. 

“We hope these attacks are not indicative of a trend,” Kahle explained.