Cyber attack on Internet Archive apparently carried out by Russian hackers

The Internet Archive has only been usable to a limited extent since last week because the free Internet library came under massive attack from millions of simultaneous accesses. The perpetrators of the disruption have now claimed responsibility for the cyber attack. The Russian hacker group "SN_BLACKMETA" claimed to have carried out these dDoS attacks to draw attention to the situation of the Palestinian civilian population in the Gaza conflict.

Although the attack on the Internet Archive is not directly related to the Gaza war, the hackers place the importance of a digital resource such as the Internet library on a par with the history and experiences of the Palestinians, the group writes on X (formerly Twitter). Previously, the hackers had already carried out cyber attacks on various banks in Israel and even on a hospital where Israel's prime minister underwent heart surgery.

The Internet Archive has set itself the task of preserving ephemeral data for posterity: Websites, books, but also historical software, apps and films. The non-profit organization, which is governed by US law, has amassed a huge treasure trove of data. At the beginning of October, it became known that parts of this treasure, namely the access data of archive users, had fallen into unauthorized hands. In addition, the Internet Archive suffered a dDoS and a defacement attack at the time.

Over 30 million user credentials were stolen in the attack on the Internet Archive, but SN_BLACKMETA does not claim to have captured this data. This happened back in September and apparently had other perpetrators. Following the attacks, the Wayback Machine is now back online to a limited extent, albeit only in read mode. Initial crawling activities have also resumed – albeit on a very limited scale and only for the National Library of the United States. The remaining services remain offline for the time being for security reasons.

Russian hackers against Israel

The hacker group apparently comes from the region around the Russian city of Veliky Novgorod, southeast of St. Petersburg. SN_BLACKMETA describes itself as independent and is not affiliated with state authorities or agencies. It is still unclear whether the pop-up message when accessing the Internet Archive at the time of the cyberattack also originated from this hacker group, which drew attention to the outflow of data from 31 million users. At least SN_BLACKMETA does not mention this.

However, the hackers are somewhat thin-skinned. Under their post on X/Twitter, for example, they write that they "don't want toxic comments". Such comments are better off on sites that "support the terrorist state of Israel".

Libraries need cyber security

Last year, a library was attacked and paralyzed. The British Library suffered a week-long outage due to a ransomware attack. This underlines the importance of cyber security in the public sector too. In its report on this cyberattack published earlier this year , the British Library wrote: "The cost of investing in prevention outweighs the risk of failing to prevent".

(fds)