The Internet Archive today experienced a distributed denial-of-service attack that took two of its services offline.
The malicious traffic surge is the latest in a series of cybersecurity incidents to have hit the nonprofit over the past few days. It previously experienced at least one other DDoS attack and, more notably, a data breach that compromised 31 million user records. It’s unclear whether the cyberattacks were carried out by the same hacker.
The Internet Archive operates the Wayback Machine, a popular free archive of the web. Since launching in the mid-1990s, it has saved over 800 billion webpages with about 100 petabytes of data. The nonprofit also stores digital copies of other media including books and software code.
The first of the recent cyberattacks against the Internet Archive came to light at the end of September. A hacker sent Troy Hunt, the operator of the cybersecurity service Have I Been Pwned, a dataset stolen from the nonprofit. A few days later, Hunt analyzed the file and determined that it contains more than 31 million records belonging to Internet Archive users.
The dataset included usernames, email addresses, timestamps indicating when the affected users changed their passwords and the passwords themselves. The Internet Archive scrambled the passwords with a hashing system, which means they are unlikely to pose a cybersecurity risk. Hashing is a data processing method that turns login credentials into a seemingly random string of characters.
The Internet Archive used a particularly secure hashing algorithm called Bcrypt. The algorithm is designed in such a way that scrambling passwords consumes a significant amount of processing power. Thanks to that architecture, deciphering a hash to obtain the original password also requires prohibitively large amounts of infrastructure, which makes bypassing Bcrypt impractical for hackers.
The password hashes and other stolen records were sent to Hunt in a 6.4-gigabyte SQL file. After reviewing the contents of the dataset, he notified the Internet Archive and uploaded the file to Have I Been Pwned. The latter service allows consumers to check if their data has been compromised in a cyberattack.
Internet Archive users learned that it was breached on Wednesday, when a hacker compromised the nonprofit’s website and displayed a message announcing a cyberattack had taken place. The message was followed by a DDoS attack a few hours later. A second DDoS attack took place this morning.
Internet Archive founder Brewster Kahle wrote on X that the hacker message displayed on Wednesday was created using a vulnerable JavaScript library. In response, the nonprofit has disabled that library. Kahle added that Internet Archive staffers are “scrubbing systems” and upgrading the organization’s cybersecurity systems.
The DDoS attack that followed the hacker’s message impacted the availability of only Wayback Machine but also the nonprofit’s Open Library book archive. In an update published this morning, Kahle stated that the Internet Archive is “being cautious and prioritizing keeping data safe at the expense of service availability.”