Our Daily Breach - Internet Archives is under attack (again)
Internet Archives is under attack... again. Hackers love this single trick to maintain persistence.
Sincerest apologies for the lack of ODB content yesterday, real life matters are taking up more time away from from ripping on the Company.
Today brings no joy to report that the Company in today's story is the Internet Archives (IA) after what feels like just yesterday we had reported on their data breach and DDoS attack.
The Wayback Machine and Have I Been Pwned are amazing tools for knowledge discovery. The fact that it's free to all makes it one of the few genuinely good things on the Internet.
One thing I found odd in reading other reports on this story and in our own CrankySec Discord is that journalists and diary hobbyists seem to be unclear on the motive and who was behind the attack.
The hacking group SN_BLACKMETA has been loudly claiming this attack to create awareness of the plight of the Palestenian people on X/Twitter since October 13, 2024:
In light of the DDoS attack that we carried out on the Internet Archive, we felt that it was of extreme importance to address some misconceptions about our actions and clarify who we are as a group, SN_DARKMETA. Quite the contrary to popular belief, we do not work and we are not associated to any government agency, nor are we a one-hit wonder...
While our recent attack on the Internet Archive was not exclusively driven by our core mission and objectives, it reflects a broader intention and a need to draw attention to our ongoing struggle. We believe that highlighting the plight of innocent Palestinian people is essential, and targeting a significant digital resource like the Internet Archive serves to underscore the importance of their story and experiences.
Now we're no experts here at ODB, but that seems like pretty clear admission and motive for the attack.
What makes this story even more unbearable for us in a totally not jealous way, is that the hacker wrote to Mashable explaining how they have been able to maintain persistence in the latest attacks. Spoiler: turns out IA never rotated their API keys after the initial attack exposed their Gitlab secrets 🤦♀️
