Internet Archive hacker claims to still have access, responds to Zendesk support tickets

A hacker allegedly behind the recent breach of the Internet Archive is making several new claims about their continued access to the platform. 

The digital nonprofit released an update on Thursday that said the Wayback Machine, Archive-It and other tools are available again, while several other services are still in the process of being restored. 

But on Sunday, someone sent antagonistic messages to hundreds of people who have contacted the Internet Archive, including Recorded Future News. 

Using the organization’s support email through customer service platform Zendesk, the hacker said it is “dispiriting to see that even after being made aware of the breach 2 weeks ago, [Internet Archive] has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.” GitLab is a software development platform.

“As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to [email protected] since 2018,” the hacker said in an email to Recorded Future News.

“Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine—your data is now in the hands of some random guy. If not me, it’d be someone else. Here’s hoping that they’ll get their shit together now.”

BleepingComputer, which was first to report the messages, as well as several other news outlets, researchers and others who have contacted Internet Archive received identical messages.

Internet Archive did not respond to requests for comment about the claims made in the message. Several security researchers warned that the intruder may now have access to personal information that was sent to the Internet Archive to facilitate the deletion of content from the Wayback Machine — which stores copies of web pages, many of them defunct. 

BleepingComputer claimed this weekend that it “repeatedly tried to warn the Internet Archive that their source code was stolen through a GitLab authentication token that was exposed online for almost two years.”

The platform has been struggling for more than a week after it rode out a distributed denial-of-service (DDoS) attack and someone defaced its website. A hacker also stole data on 31 million users of the platform that included usernames, emails and encrypted passwords. 

It’s unclear how many individuals are involved with each incident. One group publicly took credit for the DDoS attacks, but someone claiming to be the hacker who stole user information contacted BleepingComputer to complain about being lumped in with the other intruders. 

They told the news site that they hacked the Internet Archive for “street cred,” while the group behind the DDoS attacks claimed to have done it for political reasons. None of the claims could be verified at the time of publication. 

BleepingComputer did not identify the Zendesk account hacker, but there is a lengthy list of people, governments and organizations that have taken issue with the Internet Archive since its founding in 1996 by Brewster Kahle. 

Dozens of artists, authors and musicians have opposed the site over the years, claiming it facilitates copyright infringement, and multiple governments have sought to block it for hosting stolen content. 

In his message on Thursday, Kahle compared the recent cyberattack on Internet Archive to several other high-profile cyberattacks on libraries around the world, including ransomware attacks on the British Library, Toronto Public Library, Seattle Public Library and this week’s incident involving the Calgary Public Library.

“We hope these attacks are not indicative of a trend,” Kahle explained. 


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.
