Internet Archive is still not fully recovered: Here's how the attack unfolded


More details have emerged concerning the recent cyberattack against the Internet Archive, which appears to still not be fully recovered.

The archive is now back online in a preliminary ‘read-only’ capacity whilst it continues to recover. Some services remain offline, but Wayback Machine operations have resumed, although founder Brewster Kahle warned that they may be suspended again if the site needs "further maintenance."

The incident came in the form of a distributed denial-of-service (DDoS) attack, which involves flooding a site with traffic to overwhelm its servers and make it impossible to access. Research from Netscout revealed a significant deviation in network traffic to archive.org, which supports the claims of a DDoS attack. Reports suggest there were at least 3 hours and 20 minutes of DDoS activity, and at least three distinct IP addresses used by archive.org received DDoS traffic.

Cautiously back online

In this specific case, the attack used two vectors: TCP reset floods and HTTPS application-layer attacks. A TCP reset flood sends a victim huge numbers of Transmission Control Protocol (TCP) reset packets, which trick a computer into terminating its connections with others in its network.

In contrast, an HTTPS application-layer attack typically aims to overwhelm servers with requests at the application layer, disrupting the normal flow of traffic and rendering normal services unavailable.
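For the TCP reset flood vector described above, a defender can watch the share of reset packets each destination address receives over a sliding window. The following is an added example, not code from the article, Netscout or the Internet Archive; the record format, thresholds and addresses (RFC 5737 documentation ranges) are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW = 10.0    # seconds of traffic considered at once (assumed value)
MIN_RST = 50     # RSTs per window before a destination is examined (assumed)
MAX_RATIO = 0.5  # alert when RSTs exceed this share of packets (assumed)

def detect_rst_floods(packets):
    """packets: (ts, src, dst, tcp_flags) tuples sorted by ts.
    Returns {dst: timestamp of first alert} for flooded destinations."""
    windows = defaultdict(deque)    # dst -> (ts, is_rst) inside the window
    rst_counts = defaultdict(int)   # dst -> RSTs currently in the window
    alerts = {}
    for ts, _src, dst, flags in packets:
        win = windows[dst]
        is_rst = "R" in flags
        win.append((ts, is_rst))
        rst_counts[dst] += int(is_rst)
        # Drop packets that have aged out of the sliding window.
        while win and win[0][0] <= ts - WINDOW:
            _, old_rst = win.popleft()
            rst_counts[dst] -= int(old_rst)
        rst = rst_counts[dst]
        # Require both volume and ratio: a quiet host that sees a few
        # legitimate RSTs must not trigger on ratio alone.
        if dst not in alerts and rst >= MIN_RST and rst / len(win) > MAX_RATIO:
            alerts[dst] = ts
    return alerts

def sample_packets():
    """Constructed capture: 30 s of baseline, then a 5 s RST flood."""
    pkts = []
    # Baseline to 192.0.2.10: 20 packets/s, 1 in 20 is an ordinary RST.
    for i in range(600):
        flags = "R" if i % 20 == 0 else "A"
        pkts.append((i * 0.05, "198.51.100.%d" % (i % 50 + 1), "192.0.2.10", flags))
    # Flood from t=30 s: 200 RST packets/s from many source addresses.
    for i in range(1000):
        pkts.append((30 + i * 0.005, "203.0.113.%d" % (i % 200 + 1), "192.0.2.10", "R"))
    # A second host that only sees normal traffic.
    for i in range(300):
        pkts.append((i * 0.1, "198.51.100.9", "192.0.2.20", "A"))
    return sorted(pkts)

if __name__ == "__main__":
    for dst, ts in detect_rst_floods(sample_packets()).items():
        print("RST flood suspected against %s at t=%.2fs" % (dst, ts))
```
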

By crawling the web, the archive and its 150 staff work to preserve internet pages and provide free access to thousands of books, videos, and audio files. The motive for the attack isn’t clear, but the hack is said to have exposed the data of up to 31 million users.

The compromised data, which is said to include email addresses, screen names, and bcrypt-hashed passwords, could leave users exposed and at risk of threat actors using their information for nefarious purposes.


Ellen Jennings-Trace
Staff Writer
