top of page

The Dark Side of the Internet Archives: How Hackers Are Trying to Rewrite History

Why Internet Archives Matter

Most of us don't think much about internet archives like the Internet Archive. They're passive collectors of the web's history, preserving content that has long disappeared from the active web. This digital preservation is essential—not only for historians and journalists but also for anyone who values transparency and accountability in the digital age.

The ability to revisit old web pages is an incredible tool. Let’s dive into how simple it is to access these archives.


How to Use the Wayback Machine

The Wayback Machine, a feature of the Internet Archive, allows you to view historical snapshots of websites. Here's a quick guide to using it:

  1. Visit the Wayback Machine: Go to https://archive.org/web/.

  2. Enter a URL: In the search bar, type the URL of the site you want to view (e.g., cnn.com).

  3. Select a Year: Choose a year from the timeline that appears.

  4. Choose a Date: Click a specific date to see the website as it was on that day.

  5. View the Archived Page: The page will load as it appeared on the selected date.


For example, you can view how CNN's homepage looked on January 1, 2010. This tool offers us a glimpse into the past, but it’s also a tempting target for hackers.

A Timeline of the 2024 Attack on the Internet Archive

In late 2024, a chain of events unfolded that shook the Internet Archive:

  • September 30, 2024: Suspicious activity was first detected.

  • October 5: A serious breach was confirmed.

  • October 6: The Internet Archive was notified, though the news wasn’t yet public.

  • October 8: A DDoS attack began, targeting their servers.

  • October 10: The Internet Archive was completely taken offline.


The Scale of the Internet Archive

With over 890 billion web pages and 99 petabytes of data, the Internet Archive is a massive repository of digital history. To put it in perspective, viewing one web page per second would take over 28,000 years to see all the content stored there. This enormous collection makes the archive both invaluable and vulnerable.


Brewster Kahle: The Founder and Guardian of the Archive

Brewster Kahle, who founded the Internet Archive in 1996, has been a pioneer of digital preservation. Under his leadership, the archive has become a vital resource for journalists, researchers, and the public. During the 2024 attack, Kahle assured users that while the DDoS attacks were disruptive, the data itself was safe. Learn more about his work here.

A History of Attacks on Internet Archives

The Early Days of Cyber Attacks

In 2010, the Internet Archive faced a major DDoS attack. The goal wasn’t to steal data, but to make the archive inaccessible. Hacktivists aimed to disrupt access to historical snapshots, which some believed were being used by governments and corporations to cover up past actions. However, this attack ended up hurting independent researchers and journalists the most, as they rely on archived records for their work.


Types of Attacks Targeting Archives


DDoS (Distributed Denial of Service) Attacks

A DDoS attack overwhelms servers with fake traffic, causing them to crash. While it doesn’t alter the data, it makes archives unavailable for extended periods. A prime example was the 2024 attack, where crucial web pages documenting significant political events were temporarily inaccessible.


Defacement Attacks

In defacement attacks, hackers alter the content of archived pages, displaying false information. In one case, a hacker group in 2017 replaced data in a government report with politically charged misinformation, which can severely damage the credibility of archived records.


Data Manipulation/Injection Attacks

This type of attack involves manipulating the historical records within an archive. Hackers can inject malicious code or alter archived content, which can go unnoticed for years. SQL injection attacks are one way hackers manipulate data in archives.

Example of SQL Injection:

sql

Copy code

SELECT * FROM archives WHERE id = 1 OR '1'='1';

This simple code could allow an attacker to access and manipulate data in an archive’s database.


Emerging Threats: BlackMeta and Anonymous Sudan


BlackMeta: Hackers in the Shadows

One of the most sophisticated hacker groups to emerge in recent years, BlackMeta operates in the deep web, often targeting data repositories, archives, and major corporations. In 2024, BlackMeta was linked to attacks on various archival systems, aiming not just to disrupt access, but to alter historical data stored within. Their tactics include SQL injection and sophisticated malware designed to remain dormant for extended periods, allowing them to manipulate data when least expected.

Their main objective seems to be data manipulation for political and economic gains, as they tend to attack entities holding sensitive records. These types of attacks are difficult to detect, as they leave minimal footprints until the altered data is accessed.

Source: SN_BLACKMETA X ACCOUNT


Anonymous Sudan: Hacktivism Meets Cyberterrorism

Anonymous Sudan, another highly active group, rose to prominence in early 2023 with a series of politically motivated cyberattacks. Initially associated with Anonymous, they diverged in their methods, combining hacktivism with more aggressive cyber tactics like DDoS attacks and defacement campaigns. The group has explicitly targeted internet archives, attempting to bring them down to prevent access to politically sensitive materials.

In a June 2024 attack, Anonymous Sudan coordinated a major DDoS assault on archives housing controversial political documents, claiming their actions were in response to perceived Western imperialism. This attack disrupted access to critical online archives for days, impacting researchers and journalists globally.


Protecting Archives Against Modern Threats

With groups like BlackMeta and Anonymous Sudan on the rise, the need for stronger cybersecurity defenses for internet archives has never been clearer. These groups represent a new era of cyber threats, where data integrity and public access to information are at risk.

To counter these threats, organizations managing digital archives are increasingly turning to advanced security measures, including enhanced encryption, real-time monitoring, and partnerships with cybersecurity firms specializing in cloud-based DDoS mitigation.


The Response to Cyber Attacks

In response to the 2024 attack, the Internet Archive strengthened its security, disabling vulnerable code and enhancing encryption. They also partnered with cloud-based mitigation services to defend against future DDoS attacks.


Conclusion

As digital archives become increasingly important, they will also become more attractive targets for hackers. Protecting these repositories is crucial to preserving the web’s memory, ensuring future generations can access the full history of the internet. The battle for the integrity of internet archives is ongoing, but with proactive security measures, we can safeguard this valuable resource.

Comments


bottom of page