Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
The boys (the Internet Archive) are back in town (in service) after a brief hiatus spurred by a chain of cyberattacks earlier this month.
In an Oct. 21 blog post, the non-profit announced that it had begun to offer a read-only version of its digital library website. The service joins the Wayback Machine and Archive-It—which were both made available again last week—as functions that have been restored following a slew of cyberattacks that had occurred earlier in the month.
“As the security incident is analyzed and contained by our team, we are relaunching services as defenses are strengthened,” the digital library said in the blog post. “These efforts are focused on reinforcing firewall systems and further protecting the data stores.”
The comeback after the setback. The feat arrives after a chaotic couple of weeks for the digital archive website, which serves as the internet’s generational storyteller. IT Brew previously reported that the non-profit organization suffered a data breach that reportedly compromised the information of 31 million users, and multiple distributed denial-of-service (DDoS) attacks earlier this month.
And the turmoil didn’t stop there. Shortly after IT Brew’s report, the Internet Archive found itself in trouble yet again as malicious actors exploited unrotated Zendesk API tokens to hurl another cyberattack its way. IT Brew, along with others, received the following email, presumably from the attackers, a few days after sending a request for comment to the digital library:
“It’s dispiriting to see that even after being made aware of the breach two weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets. As demonstrated by this message, this includes a Zendesk token with perms to access 800k+ support tickets sent to [email protected] since 2018.”
Internet Archive founder and digital librarian Brewster Kahle did not address the recent breach on X, which he has used to provide updates on the latest cyber incidents. Kahle told the Washington Post last week that he was unsure of the motives behind the previous cyberattacks.
Takeaways. Roger Grimes, a data-driven defense evangelist at the security training platform KnowBe4, told IT Brew that organizations can learn from the Internet Archive’s unlucky month.
“One of the big takeaways is that you have to effectively respond to each incident and make sure that you’ve stopped the damage,” Grimes said.
Grimes added that organizations should ensure that they have a good communication plan in place during cyber incidents and that they shouldn’t be so quick to point the figure when hearing about new disturbances.
“If you see an organization that’s having a tough time, make sure you look at your own organization [and ensure] that you have your own house in order,” Grimes said.