This is a most excellent place for technology news and articles.
State actors? Maybe.
It's a bit tinhatty, though I'm betting on something akin to corporate espionage pointed at the Internet Archive.
Could just be a 14 year old kid with a bit of talent too. Wouldn't be the first time.
I was wondering why I hadn't been able to access Internet Archive yesterday... Who would take down what is the digital equivalent to the Library of Alexandria? I can only imagine some really childish people who have nothing better to do with their lives. I hope that the website can recover from the attack soon! 🙏
Who would take down what is the digital equivalent to the Library of Alexandria?
I can think of a few possibilities
1: peddlers of misinformation
2: people who love the poorly educated and want the misdeeds of their political allies to be forgotten.
3: copyright trolls.
Of all the places to do this to, why The Archive?
with as long as this has been going on it really surprises me that nothing has come out as a motive. it seems kind of pointless to do this sort of thing and not make your intentions known
maybe it's a government or organization upset that they are keeping archives of things they don't like
The hacktivist group SN_BLACKMETA has claimed responsibility and cites US support of Israel as the motivation.
That's extremely stupid. that doesn't even make sense
Apparently, from a different article, the hackers did it because 'america bad'.
Which is fine as a message I guess, but picking this website is dumb.
https://bsky.app/profile/archive.org/post/3l67dtwvulp23
“Update: @internetarchive’s data has not been corrupted. Services are currently stopped to upgrade internal systems.
We are working to restore services as quickly and safely as possible.
Sorry for this disruption.”
Alright who has the donate link so I can help them out.
https://archive.org/donate This would be it if it were up and running. I wonder if there's any other avenues?
I recently went through most of my accounts and randomized the username, with the thought here being to limit the likelihood of one site being compromised leading to accounts at other sites being compromised. I don't have to remember them due to using a password manager, so it's really no skin off my nose.
I'll use this as a reminder to everyone to improve your security. Some ideas:
Sucks that people are targeting IA, I hope there isn't any lasting damage and that this is a simple defacement/DOS.
Point 2... if you pay for a email aliasing service, you will be locked in. What I suggest is using plus addressing. e.g.
[email protected]
As long as you keep using randomized ones, this'll be as good as an alias against automated and manual login attempts. It just does not hide your base email, which would be
[email protected]
Many email services offer some free aliases. For example, I use one alias, along with my main email that is only used for important services. Other than that, I have an alias that is used for online accounts. This way, your main inbox is free of spammers. And even if your main address were to be the target of a spammer, the automatic spamming software most likely will not chop off the plus part, so you can easily block that email with the specific plus identifier. Not as good as external email aliasing services, but at least you won't be locked into the email aliasing service. Bitwarden has a generator for such things, really nice tbh.
For e-mails, you can just get firefox relay with your own subdomain and generate infinite e-mail masks for 1$ a month. I usually take "[email protected]" for example. It's pretty great because you just make the masks on the fly.
I've been doing this for several years now (not specifically that service, since I have my own domains). It's really nice knowing exactly who sold your email to the spam bots, because it's right in the address. Super easy to block once that happens.
Yeah, I bought some Chinese batteries a while ago and they sold/leaked my info to a dozen other scam companies. None of which I was able to unsubscribe from. Just ticked a box to disable the email and that was the end of that. If I hadn't, they would have been blowing up my inbox for the rest of eternity with no way to stop it or know where it came from.
What about plus addressing which is supported by most major mail services for free? You can just use [email protected] for example.
I didn't know that actually. They can still deduce your actual email address from that, but for the identification of the culprit that would work as well.
For users of Gmail, I can confirm this works and you can even set it up so that address+nameofshop goes to a folder called "nameofshop."
You can also apparently add a dot anywhere before @gmail.com and still receive the email. I haven't tried this one, but the last time I mentioned this someone said it was part of the email standard, so presumably it works.
I don't know of tricks specifically of this vein for proton mail, but I do know you can setup a catch-all address so, for example, something addressed to [email protected] goes instead to [email protected].
I've not tried SimpleLogin, but apparently it offers similar functionality.
I recently went through most of my accounts and randomized the username, with the thought here being to limit the likelihood of one site being compromised leading to accounts at other sites being compromised. I don’t have to remember them due to using a password manager, so it’s really no skin off my nose.
I’ll use this as a reminder to everyone to improve your security. Some ideas:
use a password manager and use random usernames and passwords have multiple email accounts, and don’t use your “main” email w/ random signups - I use a simple mnemonic, like “<user>-<purpose>@domain.com”; so “[email protected]” or “[email protected]” so it’s easy for me to remember, but unlikely for a lazy hacker to pwn other accounts (a lot of these are automated); my real email is “[email protected]” use 2FA if offered, even if it’s stupid SMS or email based; having any extra step can deter an attackerSucks that people are targeting IA, I hope there isn’t any lasting damage and that this is a simple defacement/DOS.
thanks for the advices ! Would you recommend a particular password manager?
I like Bitwarden, largely because it's open source and audited by a reputable third party.
I have no sympathy for those who attack and deface our libraries, whether they be physical or digital
I can’t think of any reason to attack that website, what have they done wrong?
The attacker(s) apparently just did it to do it.
I have zero proof of this so take it for the musing it is, but the Internet Archive/Wayback Machine can be used to view articles that have been taken offline (sometimes for political reasons). The IA is a very accessible way to prove that once something is on the Internet, it's out there forever. I used it in a recent post to show an Israeli newspaper article that argued Israel had a right to not just Palestine, but Lebanon, Syria, Iraq, and other territories. It was taken off the newspaper's website a few days later, but IA had it.
This may explain why no one is taking credit, and there are no demands. Or it could very well be another reason, including people just being assholes.
so if this is the case then it could be a foreign government
Archived something someone doesn't want to be seen by the world... like any and all since-removed misinformation for one...
Yeah, this is a bit like vandalizing a library. They are providing a valuable public service, leave them alone.
I used a 64 charcters unique password, so i don't think the bcrypt hash of it would be of any use for them.
I take it you've never had to log into a printer with an AD account before?
Yeah, I went out to 32 characters once. Until I needed to work on a printer.
The first time I got a password manager I set everything I could to 128. Can’t believe how many sites allowed me to do that… the first time I had to actually type one out I learned my lesson.
The corporations that took control of the Internet don't want us to remember.