Internet Archive Struggles to Keep It's System Secure

 The Internet Archive (IA), most notably the "Wayback Machine", has been the victim of several hacks this past year. Starting back in May they suffered their first legitimate service interruption since the site's founding. They suffered a DDoS attack and eventually were victim to a data breach after that too. The group that took responsibility for the attack strangely enough didn't seem to really be trying to achieve a whole lot. They almost seemed to do it just a prove a point that it could be done.

The group in question was able to deface part of the website and leave a message in-place saying: 

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"

Considering the level that they were able to compromise the system to, it is interesting that they didn't (at least that we know of) do more with the compromised data. They were also able to access the archives helpdesk (800,000+ tickets) and then also emailed those addresses that had submitted tickets, more or less teasing them that their info was leaked. 

It's a very strange situation for the IA at the moment but this is a good takeaway that systems need to be secure and all loopholes need to be covered and accounted for following the recovery process after a breach occurs.

Sources:

Internet Archive is back online, but for how long?

Hackers steal information from 31 million Internet Archive users

The world’s largest internet archive is under siege — and fighting back

Comments

Post a Comment

Popular posts from this blog

Ethics of Cybersecurity

 The ethics of cybersecurity can be a complicated matter. We must constantly consider our actions and ensure that they align with not only our client's code of ethics but also our own morals/ethics; these rules will be the guidance for all of our decisions and actions. The guidance doesn't stop there either, we must also consider the legality of our actions and ensure that we are well aligned with all applicable law that pertains to the data we are interacting with. Given the general sensitivity of the data that cybersecurity professionals have access to, they're tasked with not only maintaining the confidentiality of said data but also protecting it from unwanted prying eyes. This will lead them to make a series of carefully orchestrated decisions where they must weigh out the pros and cons of different data security techniques to suit the business's needs. In short, morals and ethics are at the heart of everything we do within the cybersecurity field and we must striv...
Read more

The Importance of Backups

 This article was super interesting to me. It talks a lot about the stats associated with ransomware attacks on various organizations. It also highlights an 8-step plan to help cultivate a successful recovery solution in the event of successful ransomware attacks. Here are a couple of noteworthy quotes from the article:     " According to a report released in July by Semperis, based on a survey of 900 IT and security leaders, ransomware attacks disrupted business operations for 87% of companies."     " According to the Sophos survey, in 94% of cases ransomware actors attempted to compromise the backups. And 57% of those attempts were successful." Those are definitely some concerning numbers to say the least. The article then goes on to suggest the 8 steps that can be made to help secure your backups, things such as immutable storage and using multiple types of storage. It then caps off my saying that testing is also one of the most important parts. Companies nee...
Read more

The Future of America's Cyber Defense

 The article I found for this week wasn't the typical type of article that I would write about. This one is about Congress pushing forward a proposal that, per the article, "would mandate an independent study of the readiness of America’s cyber forces" (see source at the bottom). I noticed while reading that this seemed to look at things from a more militaristic standpoint but I'm not sure if that is all that is really being discussed here. I would image other facets of the government, outside of the military would be a part of this investigation as it  should  pertain to the entire countries ability to defend itself. It also seems that the DoD might be opposed to this investigation too, which is pretty interesting. I'd be curious to look into this a bit further and maybe see where their objections truly lie. The article proposes that the DoD might be covering up their lack of preparedness by trying to deny the need for the investigation, but I truly hope that is ...
Read more