Dear Users: In spite of frequent alerts that threat actors were stealing exposed GitLab authentication tokens, did you know that the Internet Archive has been hacked once more? This time, it happened on its Zendesk email support platform.
The Internet Archive’s immense responsibility is to preserve the constantly growing, massive record of human activity that is the internet. The nonprofit organisation housed in an old church in San Francisco has the largest record of this kind. And, sadly, hackers took control of it.
How Did The Hackers Manage To Do It?
“Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine, your data is now in the hands of some random guy. If not me, it’d be someone else.”
The Attackers Said
Because the Internet Archive neglected to change its stolen GitLab authentication credentials, a serious vulnerability remained that allowed a breach through its Zendesk support network. The compromised API tokens from the earlier attack were still active.
The headers of these emails also pass all DKIM, DMARC, and SPF authentication checks, demonstrating that they were sent from 192.161.151.10, an authorised Zendesk server.
The organization’s operations were further disrupted by a Distributed Denial of Service (DDoS) attack that ensued after the initial breach. Brewster Kahle, the founder of the Internet Archive, has acknowledged the security lapses and said that the company is strengthening its security protocols.
People’s Reaction To The Issue
Reddit users claim that rather than helping the volunteer staff secure the Internet Archive, the hackers decided to attack and out them. It is quite depressing. Their corporate IT team is not big enough to undertake this kind of work. It is a different story for a place where everything is done for free and where all of the staff members are volunteers with no thought of making a profit.
Stealing Of Exposed GitLab Token
The personal information of 33 million people was taken in a data breach at the Internet Archive, and SN_BlackMeta, a pro-Palestinian group, launched a DDoS attack.
An exposed GitLab configuration file was discovered on services-hls.dev.archive.org, one of the company’s development servers, which led to the first Internet Archive hack.
“With that level of access, genuinely, they could have done anything. They could have put inappropriate materials. If they were politically motivated, they could have used the platform to make statements. They could have used the website to distribute malware.”
Helme said
What Could Be The Potential Motive?
The fact that this was not even an attack motivated by political or financial gain is just plain ridiculous. There were no notes of governmental intrigue and no ransom notes. It was a flex. In the world of cybercrime, where the currency of power is determined by whose breach is larger, more daring, and more widely publicised, the hacker hoped to improve their reputation.