Internet Archive is still not fully recovered: Here's how the attack unfolded

News
By published

The Wayback Machine returns, but only in a ‘provisional, read-only manner’

An image of an archive with drawer open, showing files.
(Image credit: Shutterstock / 300 librarians)

More details have emerged concerning the recent cyberattack against the Internet Archive, which appears to still not be fully recovered.

The archive is now back online, in a preliminary ‘read-only’ capacity whilst it continues to recover. Some services still remain offline, but the Wayback Machine operations have been resumed, although founder Brewster Kahle warned it may be suspended again in the case that it needs "further maintenance."

The incident came in the form of a Distributed Denial-of-service (DDoS) attack - which involves flooding a site with traffic to overwhelm a server, making it impossible to access. Research from Netscout revealed significant deviation of network traffic to archive.org, which supports the claims of a DDoS attack. Reports suggest there was at least 3 hours and 20 minutes of DDoS activity, and at least three distinct IP addresses used by archive.org received DDoS traffic.

Cautiously back online

In this specific case, the attack used two attack vectors: TCP reset floods and HTTPS application layer attacks. The TCP flood will flood a victim with huge numbers of Transmission Control Protocol (TCP) reset packets, which tricks a computer into terminating its connection with others in its network.

In contrast, the HTTPS application layer attack will typically aim to overwhelm servers by targeting the application layer in order to disrupt the normal flow of traffic, rendering normal services unavailable.

By crawling the web, the archive and its 150 staff work to preserve internet pages and provide free access to thousands of books, videos, and audio files. The motive for the attack isn’t clear, but the hack is said to have exposed the data of up to 31 million users.

The compromised data, which is said to include email addresses, screen names, and Bcrypt passwords, could leave users exposed and at risk of threat actors using their information for nefarious purposes.

More from TechRadar Pro

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

Read more
DDoS inscribed on a digital background made up of numbers
DDoS attacks take down game studio servers, causing DayZ and Arma network outages
DeepSeek on an iPhone
DeepSeek forced to pause new signups following large scale cyberattack
The British Museum main entrance
British Museum forced to partly close following cyberattack by ex-worker
Ransomware
Researchers hijack thousands of backdoors thanks to expired domains
An image of network security icons for a network encircling a digital blue earth.
Standing strong against hyper-volumetric DDoS attacks
Twitter social media application change logo to X. Elon Musk CEO of twitter rebranded Twitter to 'X'. Social media application technology concept.
X is back – here's what we know about the 'massive cyberattack' that caused Twitter to go down multiple times
Latest in Pro
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
Context Windows
Why are AI context windows important?
BERT
What is BERT, and why should we care?
A person holding out their hand with a digital AI symbol.
AI is booming — but are businesses seeing real impact?
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Latest in News
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does
iPhone 13 mini
The iPhone mini won't be returning, according to rumors – and you think that's a mistake
More about pro
Asus Ascent GX10 Rear

Asus's more affordable version of Nvidia's uber-popular Project Digits snapped at GTC 2025
Sam Altman and OpenAI

OpenAI is upping its bug bounty rewards as security worries rise
HP ZBook Ultra G1a

HP's ridiculously fast Ryzen AI Max+ Pro 395 laptop with 128GB RAM goes on sale everywhere in the US, but it won't be cheap
See more latest
Most Popular
HP ZBook Ultra G1a
HP's ridiculously fast Ryzen AI Max+ Pro 395 laptop with 128GB RAM goes on sale everywhere in the US, but it won't be cheap
A mobile phone showing the Signal logo in front of a screen showing the app
Signalgate explained: what is Signal, and how secure is the messaging app?
Asus Ascent GX10 Rear
Asus's more affordable version of Nvidia's uber-popular Project Digits snapped at GTC 2025
iPhone 13 mini
The iPhone mini won't be returning, according to rumors – and you think that's a mistake
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
The cast of Black Mirror season 7
Everything new on Netflix in April 2025 – including Black Mirror season 7 and Love on the Spectrum